According to a recent audit by the NASA Office of Inspector General (OIG), the US space agency’s cybersecurity program has not been properly implemented and therefore deserves only a level 2 maturity rating out of 5. To put this in perspective, cybersecurity programs with a rating lower than 4 are considered ineffective.
The report singled out “the issue of missing, incomplete, and inaccurate information security plan data” and also criticized the agency for “the untimely performance of information security control assessments.” These issues “could indicate control deficiencies and possibly significant threats to NASA operations,” according to the OIG.
NASA experienced a security breach in 2018 in which sensitive information including staff usernames, names and project names were leaked.