Priya Patel
TLDR:
- NASA spacecraft lacks mandatory cybersecurity controls for acquisition policies and standards, putting the technology at risk of cyberattacks.
- GAO recommends NASA develop an implementation plan with time frames to update its spacecraft acquisition policies and standards.
In a new Government Accountability Office (GAO) report, it was revealed that NASA’s spacecraft development programs lack mandatory cybersecurity controls for acquisition policies and standards, which could potentially expose the technology to cyberattacks. The report specifically highlights the Orion Multi-Purpose Crew Vehicle as being vulnerable to cyber threats.
Although NASA has made efforts to enhance its cybersecurity requirements in recent years, the GAO found that the most recent security guidance is not required for spacecraft programs. The report also notes that NASA does not have an implementation plan and time frame to incorporate additional security controls into acquisition policies and standards, leading to inconsistent implementation of cybersecurity controls.
In response to the report, NASA’s Chief Information Officer, Jeffrey Seaton, mentioned that the agency incorporates controls based on specific cyber and risk threats that could impact different mission vehicles. However, NASA disagreed with the need to establish a timeline for updating policies, citing concerns about potential impacts on spacecraft objectives and safe operation.
Ultimately, the GAO recommended that NASA develop an implementation plan with time frames to update its spacecraft acquisition policies and standards to incorporate essential controls required to protect against cyber threats. While NASA agreed to update its policies, the disagreement over establishing a timeline remains unresolved.
Overall, it is crucial for NASA to prioritize cybersecurity standards in its spacecraft development programs to ensure the safety and security of its technology in an increasingly digital and interconnected world.
