
Insider Threat Program at NASA

While NASA’s classified systems have a fully operational insider threat program, the vast majority of the agency’s information technology (IT) systems do not.

The Agency’s unclassified systems and data may be at greater risk than necessary. While it is common for federal agencies to exclude unclassified systems from their insider threat programs, including those systems in a multi-faceted security program could improve the program’s maturity and better safeguard agency resources.

According to Agency officials, expanding the insider threat program to unclassified systems would strengthen the Agency’s cybersecurity posture if incremental improvements were adopted, such as focusing on the IT systems and persons at the highest risk. Before the existing program is expanded, ongoing concerns such as staffing challenges, technical resource limits, and a lack of funding to sustain such an expansion would need to be addressed.

Cross-discipline challenges around cybersecurity expertise add to the complexity of insider threats. The Office of Protective Services and the Office of the Chief Information Officer are principally responsible for unclassified systems within NASA. In addition, the Office of Procurement manages Agency contracts, while the Office of the Chief Financial Officer manages grants and cooperation agreements. Nonetheless, we believe that reducing the danger of an insider threat is a team effort and that a full insider threat risk assessment would enable the Agency to acquire critical information on weak areas or gaps in administrative processes and cybersecurity.

Taking the proactive step of conducting a risk assessment of NASA’s unclassified systems ensures that gaps cannot be exploited in ways that damage the Agency’s capacity to carry out its mission, at a time of rising concern about the continued dangers of foreign interference.
