WASHINGTON — NASA has not done enough to protect its computer systems against intrusions and cyber attacks, according to a U.S. Government Accountability Office (GAO) report released Oct. 15.
“Although NASA has made important progress in implementing security controls and aspects of its information security program, it has not always implemented appropriate controls to sufficiently protect the confidentiality, integrity, and availability of the information and systems supporting its mission directorates,” the GAO wrote in the report, “NASA Needs to Remedy Vulnerabilities in Key Networks.”
According to the report, which was called for by Congress in the NASA Authorization Act of 2008, NASA reported 1,120 security incidents in 2007 and 2008 that resulted in the installation of malicious software on its systems and unauthorized access to sensitive information.
“Despite actions to address prior security incidents, NASA remains vulnerable to similar incident,” the GAO wrote.
House Science and Technology Committee Chairman Bart Gordon (D-Tenn.) said in a statement that the GAO’s findings are a reminder that “much remains to be done to ensure the security of all of our federal agencies’ [information technology] networks.”
In an Oct. 9 letter to the GAO, NASA Deputy Administrator Lorisaid NASA “generally concurs” with the report but notes that many of the recommendations already are being implemented. A copy of Garver’s letter was included in the final report.