Protecting and Safeguarding NASA Information and Information Systems
By Evelyn Davis and Valarie Burks, NASA IT Security Division, OCIO

What if this article was the national
headline across the United States?
Is NASA protecting and safeguarding
its information and information
systems? Is it possible to protect
and safeguard information and
information systems 24/7?

How can any Federal agency protect
and safeguard information and
information systems with the new
challenges in cybersecurity? What is
the first step in meeting this type of
challenge? Over the last few years,
NASA has promoted the Annual IT
Security Awareness Training, which
is a mandate for all Federal and
contractor employees. The training
is the first step toward teaching the
NASA community how to protect and
safeguard information. The training is
reinforced by reminders and by various
awareness activities, such as WebEx
training sessions on protecting home
computers and on learning how to
detect, prevent, and safeguard against
the various malicious code sent
through email and Web sites.

Recently, NASA’s Inspector General
pointed out in his testimony at a
congressional hearing that the Agency
had experienced 5,408 computer
security incidents in 2010 and 2011.
These intrusions resulted in the
installation of malicious software or
unauthorized access, which caused
significant disruptions to mission
operations and theft of export-controlled
data and technologies and cost
the Agency more than $7 million.

In March 2012, the NASA Administrator
issued an Agency-wide message on
the importance of securing NASA
laptops, iPads, and smartphones,
which was a major step to strengthen
the role of the Chief Information Officer
(CIO) and IT security. The Administrator
stated, “I take the issue of IT security
very seriously—both for our equipment
and the information stored on it.
Information security maintains the
integrity of our programs and ultimately
keeps our missions and people safe.”

NASA has a wide array of
organizational operations that support
its missions. These operations
may have different risk tolerances.
Understanding these differences and
the overall risk to the enterprise is
challenging in such a large, diverse
organization. To date, the Advanced
Persistent Threats, called APTs, have
compromised computer networks
across virtually every Government
department and agency and invaded
the systems of nearly every major
defense contractor. Therefore, the
risk level has increased. Our need
to protect information systems and
the information stored on NASA
equipment is greater than ever before.

The rapid growth of the Internet and its
various facets, such as social media
sites, wikis, blogs, and Web sites, to
disseminate information across the
masses is no longer novel. This trend
has given rise to rogue elements within
the cyber community who misuse
the privileges of easy access to a
wide audience to cause damage to
the security and economic fabric of
Federal and non-Federal entities.

NASA strives to continue to be a
leader in innovation and technology
across the Federal sector. To preserve
that legacy, cybersecurity at NASA
must be an agile, forward-thinking,
and cohesive organization, thereby
allowing NASA to ensure that the
projects, programs, and missions are
protected and safeguarded against
the ongoing global threats from
cybercriminals, hackers, and organized
groups. To achieve this goal, all NASA
employees must take responsibility
for safeguarding the security of NASA
information. As a united front, NASA
employees can protect, prevent, and
preserve information and information
systems—the key to beginning a
cybersecurity transformation at
NASA. Cybersecurity challenges over
the next decade demand enhanced
collaboration, communication, and
resources to meet the emerging and
ever-changing threat environment.

The Office of the Chief Information
Officer and the IT Security
Division remain committed to
continued improvement of the IT
security posture as the NASA IT
security program transforms and
matures in the 21st century.