NASA takes Caltech’s JPL to task over cybersecurity issues

June 24, 2019
  • require system administrators to review and update the ITSDB and ensure system components are properly registered and the JPL Cybersecurity/Identity Technologies and Operations Group (CITO) periodically review compliance with this requirement;
  • segregate shared environments connected to the network gateway and monitor partners accessing the JPL network;
  • review and update ISAs for all partners connected to the gateway;
  • require the JPL CITO to identify and remediate weaknesses in the security problem log ticket process and provide periodic aging reports to the JPL CIO;
  • require the JPL CITO to validate, update, and perform annual reviews of all open waivers;
  • clarify the division of responsibility between the JPL Office of the Chief Information Officer and system administrators for conducting routine log reviews and monitor compliance on a more frequent basis;
  • implement the planned role-based training program by July 2019;
  • establish a formal, documented threat-hunting process;
  • develop and implement a comprehensive strategy for institutional IT knowledge and incident management that includes dissemination of lessons learned.

We also recommended the NASA CIO include requirements in the pending IT Transition Plan that provide the NASA SOC with sufficient control and visibility into JPL network security practices.