The Government Accountability Office has recommended that NASA develop a plan to incorporate cybersecurity principles and best practices into its spacecraft acquisition policies and standards to ensure that its space vehicles can defend against advanced cybersecurity threats.
GAO found that while NASA has established cybersecurity requirements for its programs, it has yet to implement mandatory cyber rules for the acquisition of spacecraft and other systems.
In 2023, NASA issued a best practices guide on cybersecurity principles and controls and potential cyberthreat mitigation strategies but its implementation is optional for spacecraft programs.
GAO warned that without consistent implementation of cybersecurity controls, NASA lacks assurance that its spacecraft programs “have a layered and comprehensive defense against attacks.”
To address this concern, GAO recommended that NASA create an implementation plan with time frames to incorporate essential security controls into its spacecraft acquisition policies.
Join the Potomac Officers Club’s 2024 Cyber Summit on June 6 to hear from government and industry experts about the dynamic and ever-evolving role of cyber in the public sector. Register here!