- NASA's lack of consistent leadership is undermining its ability to protect itself from cyberattacks, according to a report from the agency's inspector general.
- Because of the constant flow of leadership changes, NASA does not have an agency-wide IT security plan, the report said.
- Over the past year and a half, NASA has had three "acting" senior security officers in the CIO's department, which has led to "confusion at the agency over roles and responsibilities," the report said.
NASA has failed to cultivate an "information security program plan to effectively manage its resources." The inspector general recommended the agency hire a permanent security chief and develop an agency wide security plan to remedy its shortcomings.
An agency-wide program will "help link the risk management processes at the system levels to those at the agency level," allowing data to reveal appropriate levels of risk in the system.
Last week, a report released by security risk benchmarking startup SecurityScorecard ranked NASA dead last among 600 government entities it evaluated between April 2015 to April 2016. The company examined cybersecurity efforts across 10 categories, including malware infection, vulnerability to social engineering techniques and how often passwords are exposed.
While hiring more cybersecurity personnel could help—though the public sector is having a hard time attracting them—more stable leadership could also go a long way. Inconsistent leadership in any organization can make it harder to develop and maintain well-defined security plans.