Insider Threat Program at NASA

KEEPNET LABS > Blog > Insider Threat Program at NASA

While NASA’s classified systems have a fully working insider threat program, the vast bulk of the agency’s information technology (IT) systems do not.

Apr 5, 2022 8:46 am

The Agency’s unclassified systems and data may be at greater risk than necessary. While it is usual for federal agencies to exclude unclassified systems from their insider threat programs, including those systems in a multi-faceted security program could improve the program’s maturity and better safeguard agency resources.

Expanding the insider threat program to unclassified systems, according to Agency officials, would strengthen the Agency’s cybersecurity posture if incremental improvements were adopted, such as focusing on IT systems and persons at the highest risk. Prior to increasing the existing program, ongoing concerns such as staffing challenges, technical resource limits, and a lack of financing to sustain such an expansion would need to be addressed.

The cross-discipline problems regarding cybersecurity knowledge add to the complexity of insider threats. The Office of Protective Services and the Office of the Chief Information Officer are principally responsible for unclassified systems within NASA. In addition, the Office of Procurement manages Agency contracts, while the Office of the Chief Financial Officer manages grants and cooperation agreements. Nonetheless, we believe that reducing the danger of an insider threat is a team effort and that a full insider threat risk assessment would enable the Agency to acquire critical information on weak areas or gaps in administrative processes and cybersecurity.

Taking the proactive step of conducting a risk assessment to analyze NASA’s unclassified systems ensures that holes cannot be exploited in ways that damage the Agency’s capacity to carry out its mission at a time when there is rising concern about the continued dangers of foreign interference.

Phishing Test Software

The human factor is the weakest point in your security posture and may be used against you regardless of how secure your network, computers, and software are. Traditional security measures are insufficient to stop these attacks. Using phishing test platforms that replicate phishing attacks is an effective security measure.

Phishing Training for Employees

Phishing is one of the most successful ways cybercriminals access companies' passwords and other security credentials. A cybercriminal impersonates a legitimate person or entity and sends a fake email to manipulate employees. Companies need to train their employees not to click on links or attachments in suspicious emails.

Protect Yourself Against Keyloggers

Keyloggers are one of the most common and deadly cybersecurity threats. It is a type of malware that records keystrokes and sends them back to the cybercriminal. Hackers can access accounts, banking systems, or even bitcoin wallets thanks to keyloggers.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.