Thursday, October 15, 2009

GAO cites NASA cybersecurity flaw

In a report released today, the Government Accountability Office said that during 2007 and 2008, NASA reported 1,120 security incidents that resulted in the installation of malicious software on its systems and unauthorized access to sensitive information.

GAO found that while the NASA has made important progress in implementing security controls and various aspects of its information security program, "it has not always implemented appropriate controls to sufficiently protect the confidentiality, integrity, and availability of the information and systems supporting its mission directorates."

GAO reported that NASA did not consistently implement effective controls.



"GAO's findings remind us that much remains to be done to ensure the security of all of our federal agencies' IT networks," said committee chairman Bart Gordon (D-TN). "Although cybersecurity has long been a priority for the federal government - Congress has passed 12 major pieces of legislation that address the issue since 1987, both the Clinton and Bush administrations instituted major cybersecurity initiatives, and $7 billion annually is spent on various aspects of securing cyberspace - the threats to our systems remain."

No comments: