Tweet
The National Aeronautics and Space Administration (NASA) is pretty good at keeping Classified information away from falling into the wrong hands, but it’s not that good at labeling all of the right data as Classified.
This becomes a major problem because it puts many projects and information in jeopardy from insider attacks, says the latest report on the organization’s state of cybersecurity, published by the NASA Office of Inspector General.
The “NASA’s insider threat program” report reveals that the “vast majority” of NASA technology is not labeled as Classified, including “high-value assets and critical infrastructure.” Some of these assets include “sensitive and valuable information such as scientific, engineering, or research data; human resources files; or procurement sensitive information.”
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
As these items are not labeled as Classified, they aren’t covered by the various defenses the organization deployed for its insider protection program.
Things wouldn’t be that bad if unclassified, but sensitive information, wasn’t abused every day. The auditor says in its report that the number of incidents, including the improper use of the organization’s IT systems, rose 343% in three years (from 249 in 2017, to 1,103 in 2020).
Of all these incidents, the most common problem was “failing to protect Sensitive but Unclassified (SBU) information”. Apparently, many NASA employees were sending each other unencrypted emails containing SBU data, Personally Identifiable Information (PII), or International Traffic in Arms Regulations data.
Read more
Another potential problem is frequent privilege elevation for the employees. In the last three years, NASA users made more than 12,000 requests for privilege elevation.
To better protect its data, the watchdog hints, NASA needs to reorganize informational security responsibilities. As things stand now, multiple teams are in charge of securing the organization’s endpoints, including the Office of Protective Services (OPS), and the Office of the Chief Information Officer (OCIO).
[ul]
[li]Check out our list of the best firewalls right now[/li][/ul]
Via: The Register
Continue reading…
This becomes a major problem because it puts many projects and information in jeopardy from insider attacks, says the latest report on the organization’s state of cybersecurity, published by the NASA Office of Inspector General.
The “NASA’s insider threat program” report reveals that the “vast majority” of NASA technology is not labeled as Classified, including “high-value assets and critical infrastructure.” Some of these assets include “sensitive and valuable information such as scientific, engineering, or research data; human resources files; or procurement sensitive information.”
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window p>
[HEADING=1]Labeling classified data[/HEADING]
[HEADING=1]Labeling classified data[/HEADING]
Things wouldn’t be that bad if unclassified, but sensitive information, wasn’t abused every day. The auditor says in its report that the number of incidents, including the improper use of the organization’s IT systems, rose 343% in three years (from 249 in 2017, to 1,103 in 2020).
Of all these incidents, the most common problem was “failing to protect Sensitive but Unclassified (SBU) information”. Apparently, many NASA employees were sending each other unencrypted emails containing SBU data, Personally Identifiable Information (PII), or International Traffic in Arms Regulations data.
Read more
Data Security: What is it?
Data privacy is more important than ever in the age of remote work
The ‘Great Resignation’ is a threat to cyber security
Data privacy is more important than ever in the age of remote work
The ‘Great Resignation’ is a threat to cyber security
To better protect its data, the watchdog hints, NASA needs to reorganize informational security responsibilities. As things stand now, multiple teams are in charge of securing the organization’s endpoints, including the Office of Protective Services (OPS), and the Office of the Chief Information Officer (OCIO).
[ul]
[li]Check out our list of the best firewalls right now[/li][/ul]
Via: The Register
Continue reading…