NASA’s Insider Threat Program

2022-03-23 11:16

While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency's information technology systems - including many containing high-value assets or critical infrastructure - are unclassified and are therefore not covered by its current insider threat program.

While NASA's exclusion of unclassified systems from its insider threat program is common among federal agencies, adding those systems to a multi-faceted security program could provide an additional level of maturity to the program and better protect agency resources.

According to Agency officials, expanding the insider threat program to unclassified systems would benefit the Agency's cybersecurity posture if incremental improvements, such as focusing on IT systems and people at the most risk, were implemented.

Further amplifying the complexities of insider threats are the cross-discipline challenges surrounding cybersecurity expertise.

In our view, mitigating the risk of an insider threat is a team sport in which a comprehensive insider threat risk assessment would allow the Agency to gather key information on weak spots or gaps in administrative processes and cybersecurity.

At a time when there is growing concern about the continuing threats of foreign influence, taking the proactive step to conduct a risk assessment to evaluate NASA's unclassified systems ensures that gaps cannot be exploited in ways that undermine the Agency's ability to carry out its mission.

News URL

https://www.schneier.com/blog/archives/2022/03/nasas-insider-threat-program.html

#nasa #threat