NASA Cybersecurity Challenges: Addressing Policies and Standards

The National Aeronautics and Space Administration (NASA) has made progress in addressing its cybersecurity challenges, but there are still concerns about the optional nature of its security policies and standards, according to a recent report by the US Government Accountability Office (GAO).

The GAO reviewed three NASA projects and found that while contractors were required to address cybersecurity in their contracts, NASA has not updated its policies since issuing the Space System Protection Standard in 2019. Additionally, the Space Security: Best Practices Guide issued last December is optional for spacecraft programs.

In response to the report, NASA CIO Jeffrey Seaton acknowledged the need for continuous improvement in policies and standards but raised concerns about the diversity of spacecraft and the engineering constraints involved in implementing cybersecurity measures. Seaton emphasized the challenge of balancing security with practicality, especially when considering the limited space, weight, and power available on spacecraft.

Experts in the field, such as Kevin Kirkwood and Jeff Hall, stress the importance of finding the right balance between engineering constraints and security robustness to protect NASA’s valuable systems from potential threats. Kirkwood highlighted the need to address worst-case scenario threats, such as the ability to manipulate a spacecraft’s navigation or environmental systems.

As NASA works to update its cybersecurity policies and standards, the focus remains on ensuring the safety and security of its missions and personnel in the face of evolving cyber threats. The journey to strengthen cybersecurity at NASA is expected to be a complex and ongoing process, requiring a combination of policy improvements and technological advancements to safeguard the agency’s critical assets.