Even NASA struggles to keep its user data safe and secure


Though many businesses are winding down for the festive period, NASA’s Office of Inspector General (OIG) has published a report on an audit of the space agency's data handling.

The OIG noted that NASA processes a lot of personally identifiable information. As it deals with the public and other outside organizations, it is highly susceptible to data breaches that could seriously harm any individuals affected.

NASA privacy and cybersecurity officials were interviewed and privacy questionnaires were reviewed, among other things, to paint a picture of its cybersecurity performance so far.

NASA audited for its cybersecurity

The OIG said NASA’s approach to privacy was “comprehensive” and that there are plenty of things to like, but the report also highlights some additional steps the agency could take to protect individuals’ personal information.

The space agency has been criticized for relying on users to self-report potential breaches instead of making full use of the data loss prevention (DLP) capability built into the Microsoft 365 platform that it uses, a capability designed to detect incidents automatically.

Between October 2021 and March 2023, NASA’s Security Operations Center was found to have logged 118 self-reported incidents suspected to involve personally identifiable information.

NASA was also criticized for having too many documents and policies that appear to conflict with each other, rendering directions "unclear." The OIG called for a common understanding of what constitutes a breach and when to activate a Breach Response Team.

A total of six recommendations have been made, leaving plenty of room for improvement. They include improved documentation of some processes, the establishment of DLP roles and responsibilities, more guidance for tracking and documenting incident response, updated policies, regular tabletop discussions, and more training.

In the interest of conciseness, this article doesn’t touch on the things that NASA has been credited for doing well, but the agency has been following plenty of best practices in a bid to protect individuals. Clearly, though, an evolving cybersecurity landscape calls for constant adaptations to any business or organization’s measures.

Via The Register


Craig Hale
