GAO: NASA Needs Stronger Cybersecurity Measures for Spacecraft Acquisitions

A report issued by the Government Accountability Office has identified a gap in mandatory cybersecurity protocols for NASA’s spacecraft acquisition process.

According to GAO’s audit, while the space agency has implemented general cybersecurity requirements across its programs, mandatory guidelines specifically for acquiring spacecraft are not yet in place, Nextgov/FCW reported.

Currently, NASA relies on non-binding best practices guides to address cybersecurity during spacecraft development. The GAO report notes that the said approach can lead to inconsistencies and potentially expose NASA’s spacecraft to cyberthreats.

The report recommends that NASA develop a concrete plan with deadlines to update its acquisition policies with essential cybersecurity controls.

However, while NASA acknowledges the need for improvements, it has reservations about setting a specific timeline, citing potential risks to spacecraft operations if new cybersecurity measures are not carefully integrated.

Additionally, Jeffrey Seaton, NASA’s chief information officer, argued that a one-size-fits-all approach to cybersecurity would not work. Seaton said the space agency tailors its safeguards based on the unique cyber risks and threats posed by different missions.