NASA needs to strengthen its cybersecurity

May 26, 2021 05:50 GMT

NASA intends to address long-standing cybersecurity management problems found in a recent report.

According to a report issued by NASA's inspector general, "Attacks on NASA networks are not a new phenomenon, although attempts to steal critical information are increasing in both complexity and severity".

"We found that NASA's ability to prevent, detect, and mitigate cyber-attacks is limited by a disorganized approach to Enterprise Architecture".

The department oversees 3,000 websites and 42,000 publicly available databases. Although NASA is working to strengthen its cybersecurity posture, the IG determined that the agency has been subjected to over 6,000 cyberattacks in the last four years, including phishing scams and malware.

The agency's posture exposes it to unnecessary risk from cyber threats 

Among the watchdog's suggestions for reform is the advancement of CyPreSS – Safety and Privacy Enterprise Solutions and Services – a broad cybersecurity management contract.

The CyPreSS contract calls for a variety of IT services, including a security operations center, penetration testing, vulnerability management, supply chain risk management, training and knowledge, as well as identity, certificate, and access management.

According to GovWin, a government contracting database maintained by Deltek, the solicitation was scheduled to be published on May 17, and an award will be announced in November, with work beginning in February 2022. According to the Federal System of Awards Management, the proposal is still in the pre-solicitation stage.

The IG also states that NASA's procedures for assessing and authorizing IT systems are inconsistent and inefficient across the organization.

NASA's CIO, Jeffrey Seaton, agreed with all the IG's recommendations, including one to develop baseline requirements for the CyPreSS contract.

In response to the IG's recommendations, NASA will also create an enterprise architecture program, start monitoring metrics on the efficacy of its enterprise security architecture, and perform a cost evaluation for the agency's 526 IT systems defined by the IG.