The IG said that NASA needed to beef up its capabilities to combat APTs, which are designed to bypass firewalls, intrusion detection systems, and other perimeter defenses.
“Moreover, even after the target organization addresses the vulnerability that permitted the attack to succeed, the attacker may covertly maintain a foothold inside the target’s system for future exploits. The increasing frequency of APTs heightens the risk that key Agency networks may be breached and sensitive data stolen”, the IG warned.
The IG also found that NASA did not have a centralized continuous security monitoring capability for all of its computer networks.
The IG noted that NASA implemented a security operations center (SOC) in November 2008, but the center only monitors a portion of the agency’s networks.
“Even though networks we reviewed had their own incident management program that included network monitoring, dedicated staff to respond to incidents and documented processes, the networks’ management programs do not provide the centralized continuous monitoring coverage afforded by the SOC”, the audit said.
The IG said that it offered three unspecified recommendations to NASA’s chief information officer, who concurred with the measures and proposed corrective actions.