A new report[pdf] by the NASA inspector general exposes major shortcomings in the cybersecurity posture of the NASA Jet Propulsion Laboratory, as a result of which the research center “has experienced several notable cybersecurity incidents that have compromised major segments of its IT network,” over the past decade.
Glaring security weaknesses include a lack of network segmentation, privileged access controls, network visibility and proactive measures such as threat hunting. The report notes that “despite these significant concerns, the contract NASA signed with Caltech in October 2018 to manage JPL for at least the next five years left important IT security requirements unresolved.”
Read more: Cyber Weaknesses That Led to Breaches at NASA’s JPL Persist, Says IG
As background for why the NASA infrastructure is so critically important to protect see the OODA special reports on the Cyber Threat to the Artemis Program and Executive’s Guide to Innovation in Space, both available to our readers via our OODA Network Resources page