National Aeronautics and Space Administration

NASA’s mission is to pioneer the future in space exploration, scientific discovery and aeronautics research.



NASA leadership in areas like cloud computing are being watched by most other federal agencies. NASA is influential in these are many other IT areas. But its security is lacking.

Cyber/Information Technology Trends

  • Security Operations Center
    • works with Computer Forensics and Incident Analysis + Cyber Threat Analysis Program
    • maps serious threats
    • provide the following services
      • system monitoring
      • network flow monitoring
      • log aggregation, correlation and analysis
      • Vulnerability detection and management.
      • Threat management and tracking.
      • Incident coordination and management.
      • Computer forensics analysis.
      • Malware analysis and reverse engineering.
      • Advanced persistent threat defense.
      • Threat notification
      • SOC help desk.

Items of Interest

NASA services migrating to cloud

The NASA will migrate the following services to the cloud

  • Geospatial Services
  • Document Management

Congress Bans Scientific Collaboration with China, Cites High Espionage Risks

A two-sentence clause in the most recent U.S. spending bill prohibits the White House Office of Science and Technology Policy and NASA from coordinating any joint scientific activity with China. This is due to the thought of a high amount of espionage radiating from

NASA Network Security Audit reveals Vulnerabilities

Audit finds that NASA mission servers are vulnerable to network attacks. Additionally — attacks coming through mission server vulnerabilities can help attackers move into other networks. The audit found “network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers.” It seems that there are gaping holes in NASA security, and they need immediate triage support.

NASA to lose 24% of IT Infrastructure budgeting in 2012

The latest budget prognosis for 2012 is shaving around $500M from the NASA infrastructure. NASA is on the cutting edge with their Nebula Cloud, but are experiencing difficulties in other IT arenas.

NASA gets a head start on cybersecurity improvements

“We’re meeting all the reporting requirements for CyberScope using the new tool,” Meissner says. “We believe we are one of the few agencies that are able to do that this year using automated summaries.” Aside from monitoring patches, configurations and scans, the dashboard helps managers inventory their hardware, software and external connections. They can check how many assets are hooked up to the automated system to confirm supplies.

NASA CIO lacks sense of urgency about hard drive cybersecurity hole, says IG

NASA centers have been disposing of hard drives in a careless manner and the agency’s chief information officer’s response “does not reflect the sense of urgency” necessary to address serious security concerns, says a NASA inspector general report.

Solutions for Enterprise wide Procurement

Solutions for Enterprisewide Procurement (SEWP) IV program is a government-wide acquisition contract (GWAC) that provides commercial, firm-fixed price contracts for state-of-the-art computer technologies, products and services. The SEWP IV indefinite-delivery indefinite quantity (IDIQ) contracts enable all federal agencies, including the Department of Defense, to obtain mission critical, cutting edge and high-end IT products and product-based solutions to meet individual, site or agency-wide requirements.

NASA recently flunked OIG cybersecurity audit

“We found that NASA’s IT security program had not fully implemented key FISMA requirements needed to adequately secure Agency information systems and data. For example, we found that only 24 percent (7 of 29) of the systems we reviewed met FISMA requirements for annual security controls testing and only 52 percent (15 of 29) met FISMA requirements for annual contingency plan testing. In addition, only 40 percent (2 of 5) of the external systems we reviewed were certified and accredited. These deficiencies occurred because NASA did not have an independent verification and validation function for its IT security program”

Related articles