KEEPNET LABS > Blog > Insider Threat Program at NASA

Insider Threat Program at NASA

While NASA’s classified systems have a fully working insider threat program, the vast bulk of the agency’s information technology (IT) systems do not.

Insider Threat Program at NASA

The Agency’s unclassified systems and data may be at greater risk than necessary. While it is usual for federal agencies to exclude unclassified systems from their insider threat programs, including those systems in a multi-faceted security program could improve the program’s maturity and better safeguard agency resources.

Expanding the insider threat program to unclassified systems, according to Agency officials, would strengthen the Agency’s cybersecurity posture if incremental improvements were adopted, such as focusing on IT systems and persons at the highest risk. Prior to increasing the existing program, ongoing concerns such as staffing challenges, technical resource limits, and a lack of financing to sustain such an expansion would need to be addressed.

The cross-discipline problems regarding cybersecurity knowledge add to the complexity of insider threats. The Office of Protective Services and the Office of the Chief Information Officer are principally responsible for unclassified systems within NASA. In addition, the Office of Procurement manages Agency contracts, while the Office of the Chief Financial Officer manages grants and cooperation agreements. Nonetheless, we believe that reducing the danger of an insider threat is a team effort and that a full insider threat risk assessment would enable the Agency to acquire critical information on weak areas or gaps in administrative processes and cybersecurity.

Taking the proactive step of conducting a risk assessment to analyze NASA’s unclassified systems ensures that holes cannot be exploited in ways that damage the Agency’s capacity to carry out its mission at a time when there is rising concern about the continued dangers of foreign interference.

Join
Our Newsletter

Sign up to learn about the latest threats, hacking methods, and news.