NASA program and project managers are considering a variety of approaches to employ the Internet and its associated technologies to reduce the cost and increase the efficiency of space operations. Approaches in development or under consideration include:
Federal law, national policy, and NASA policy require certain actions to be taken to protect automated information systems and satellite command and control systems. We reviewed NASA's nascent Internet-based spacecraft commanding (IBSC) efforts to (1) assess the information security risks, (2) ascertain how NASA is addressing security concerns, and (3) determine whether NASA's information technology (IT) security infrastructure can provide the required security solutions.
We found that use of IP to communicate with spacecraft is unlikely to create a significant security hazard. However, the command of spacecraft or payloads via the Internet exposes spacecraft and related data and communications to a variety of vulnerabilities and threats. Careful application of technical safeguards can help to reduce the risks. However, technical safeguards are only one element of a complete security solution. Policies are also required to ensure that all IBSC programs take the appropriate steps to ensure sufficient security. For all projects to heed these policies, the policies must be widely applicable, broadly distributed, and enforced.
Some NASA IBSC efforts have already planned and incorporated IT security into their particular systems, and in the last 2 years, one Center in particular has taken steps to investigate IBSC security issues. However, some NASA IBSC efforts have not, as yet, seriously considered IT security issues and no Agencywide policy or organization has focused on IBSC security. We made 4 recommendations to improve the security of NASA's IBSC efforts.
Recommendation 1: We recommended that the Chief Information Officer (CIO) identify IBSC security risks and approaches to reducing those risks through a process involving benchmarking. The CIO stated that they concurred with the recommendation, but proposed that mission owners, rather than the CIO, should identify potential IBSC security risks and approaches to reducing those risks. We consider this proposal unresponsive to the recommendation and urge the CIO to implement the original recommendation.
Recommendation 2: We recommended the CIO designate a centralized Agencywide source of expertise for IBSC security issues that would provide IT security support for all IBSC missions. Until this is accomplished, we consider the CIO's actions to be unresponsive.
Recommendation 3: We recommended the CIO develop an Agencywide IBSC security policy that ensures appropriate IBSC security solutions are implemented before approvals to operate are granted. Until the CIO begins to develop an IBSC policy, we consider their actions to be unresponsive to the recommendation.
Recommendation 4: We recommended that NASA ensure that IT security policy requirements are addressed as an integral part of contract development and management for all IBSC efforts. The Agency concurred with this recommendation and we found their proposed actions to be responsive to this recommendation.
This report contains information that may not be releasable to the
general public.