America’s Government Accountability Office has revealed that America’s premier space agency has failed to assess cybersecurity risks properly.
The GAO is the Australian National Audit Office equivalent in the United States, and it published a report last week that is critical of the National Aeronautics and Space Administration (NASA) for not having all risk management measures in place to prevent cyberattacks of all kinds.
That published report, however, is a redacted version of a document provided to NASA by the GAO in March because the space agency deemed certain information to be sensitive.
The GAO’s review of NASA’s cybersecurity readiness found that there were a range of measures that were either fully or partially implemented, but the “partial determinations indicate that NASA did not perform key activities within the [seven] steps”.
Steps referred to by the GAO are stages of a risk management process for cybersecurity that feature the following steps: preparation, categorisation, selection, implementation, assessment, authorisation, and monitoring.
The organisation is described as fully complying only with the implementation step, but every…
