The Inspector General says the consolidated Security Operations Center has improved its security but still has some key vulnerabilities.
On the heels of NASA’s groundbreaking Mars landing, the agency’s consolidated Security Operations Center came in for some criticism recently from its Office of Inspector General.
The OIG conducted an audit to evaluate the cybersecurity effectiveness of the SOC, which has managed the agency’s computer security incident detection and handling since it was created in November 2008 through the consolidation of NASA’s separate detection and response programs.
The move was aimed at improving the agency’s ability to detect and respond to evolving threats posed by increasingly sophisticated cyber attacks, according to a summary of the report released by NASA.
In general, the audit found that the SOC, located at Ames Research Center, has improved NASA’s computer security incident handling by providing continuous incident detection coverage for all NASA centers.
The SOC provides centralized, continuous monitoring of network traffic entering and leaving NASA centers and includes an information system, known as the Incident Management System, for agencywide coordination, tracking and reporting of IT security incidents, the report said.
In addition, the auditors said SOC’s communication processes, including weekly conference calls and security bulletins, were effective for sharing security incident and threat information with responders across the agency. NASA also has implemented an effective information system that enables agencywide management and reporting of IT security incidents, the OIG report said.
However, the audit also found that the SOC does not currently monitor all of NASA’s computer networks.
“Even though networks we reviewed had their own incident management program that included network monitoring, dedicated staff to respond to incidents and documented processes, the networks’ management programs do not provide the centralized continuous monitoring coverage afforded by the SOC,” it said.
The OIG said NASA “needs to increase its readiness to combat sophisticated but increasingly common forms of cyber attacks known as Advanced Persistent Threats.” APTs are typically designed to bypass a target’s firewalls, intrusion detection system and other perimeter defenses. They are often launched by well-organized and well-funded individuals or entities, the audit explained.
The audit went on to warn that “even after the target organization addresses the vulnerability that permitted the attack to succeed, the attacker may covertly maintain a foothold inside the target’s system for future exploits. The increasing frequency of APTs heightens the risk that key agency networks may be breached and sensitive data stolen.”
The OIG report made three undisclosed recommendations to the agency’s CIO, who concurred and proposed corrective actions.
The full report was not released because NASA said it contained sensitive but unclassified information which if distributed could pose a security threat to its computer systems.