WASHINGTON – The bipartisan leadership of the House Science Committee has called on the Government Accountability Office to investigate NASA’s cybersecurity activities amid growing concerns about piracy of government computer systems.
In a May 27 letter, the committee’s top Democrats and Republicans called on GAO to investigate the “cybersecurity risks to sensitive data” associated with NASA’s major programs. This includes comparing NASA’s activities with key cybersecurity practices and identifying additional practices that the agency should adopt.
The letter did not identify any specific breaches of NASA’s cybersecurity or any other event that prompted the request for review, but rather long-standing concerns about the agency’s vulnerabilities. “It is not understood to what extent these ongoing deficiencies have affected the agency’s ability to protect its most sensitive data, especially data related to its major space development projects and spacecraft and flight operations. human space, ”members wrote in the letter.
NASA’s Office of Inspectors General (OIG) has regularly reviewed and criticized NASA’s approach to information technology management in general and cybersecurity in particular. In its most recent cybersecurity report, released on May 18, it warned of the growing cybersecurity threats to the agency.
“Attacks on NASA networks are not a new phenomenon, although attempts to steal critical information are increasing in both complexity and severity,” the OIG report concluded. He noted that fishing attempts doubled and malware attacks increased “exponentially” during the relocation to remote jobs caused by the pandemic.
“The cyber threat to NASA’s computer networks due to Internet-based intrusions is expanding in scope and frequency, and the success of these intrusions demonstrates the increasingly complex nature of cybersecurity challenges that faces the Agency, ”the report states. These threats, as described in the report, range from coordinated attacks by groups of Chinese hackers to a hired NASA employee who installed software on the agency’s computers to exploit the cryptocurrency.
The OIG report criticized the agency for a “disorganized” approach to managing information technologies, such as funding redundant services. NASA also prioritizes cybersecurity for some key programs, such as the International Space Station, “leaving cybersecurity for other mission systems as a secondary concern.”
The Science Committee leadership, in its letter to GAO, suggested that their request for study was also motivated by cybersecurity issues elsewhere in the federal government. “Recent and sophisticated cybersecurity attacks against various federal government systems that went undetected for months underscore the importance of having robust processes in place to manage cybersecurity risks related to sensitive NASA data,” they wrote.
This includes what is known as the “SolarWinds” hacking of computer systems by both the government and the private sector so cybersecurity analysts believe it was a piracy group affiliated with Russian intelligence. These hackers last year compromised the software developed by a company called SolarWinds that is in charge of network management. This gave hackers access to SolarWinds customers ’computer networks, including several major companies and federal agencies.
“SolarWinds was a great wake-up call,” said Kathy Lueders, NASA’s associate administrator for exploration and human operations, when asked about cybersecurity at NASA during a May 25 meeting of the Board of Trustees. Aeronautical and Space Engineering and the Board of Space Studies of the National Academies.
He did not delve into the specific steps NASA took in the wake of SolarWinds hacking, but stressed the importance the agency gave to cybersecurity. “This has been absolutely a major area for us for the last four or five years.”
One problem is dealing with companies and the use of commercial assets, whose cybersecurity vulnerabilities can become ways to circumvent NASA’s cybersecurity defenses. “It’s a big concern for us,” he said. “We need to figure out how to be able to do that and protect ourselves, even though we’re at the forefront.”
The letter to the GAO was signed by representatives Eddie Bernice Johnson (D-Texas) and Frank Lucas (R-Okla.), Chair and senior member, respectively, of the full House Science Committee, and representatives of Don Beyer (D-Va.) And Brian Babin (R-Texas), chairman and ranking member, respectively, of the space subcommittee.