According to data extracted and analyzed by Atlas VPN, cyber incidents at NASA increased by 366% in 2019.
Cyber incidents at NASA can affect national security, intellectual property, and individuals whose data could be lost due to data breaches. As stated by The Office of Management and Budget (OMB) in its report to Congress, even though NASA is continuously improving its security systems, a broad array of digital information and assets remain at risk.
A digital security incident is any attempted or actual unauthorized access, use, disclosure, or destruction of information. Also, digital incidents include interfering with operations within the organization and violations of NASA’s computing policies and regulations.
OMB reviews government agencies annually. OMB is also responsible for developing and overseeing the implementation of policies, standards, and guidelines on cybersecurity in federal agencies.
According to the OMB findings, there were a total of 1,468 cyber incidents at NASA in 2019.
In 2018, NASA experienced only 315 cyber incidents, which means that the number of incidents jumped by 366%.
Incidents caused by improper usage increased the most, from 180 in 2018 to 1,329 in 2019, representing a 638% growth per year. Improper use is described as any incident resulting from a violation of an organization’s acceptable usage policies by an authorized user.
For example, a user installs unapproved file-sharing software, leading to the loss of sensitive data; or a user performs illegal activities on a system.
Other incidents are various attack types that do not fit into any of the mentioned categories.
Email attacks, one of the most common infections methods in public companies, are not that common at NASA: only six cases were registered in 2019. Email attacks are hacker intrusion attempts executed via email message or a malicious attachment.
In 2019, staff lost or got the company’s equipment stolen 15 times. Getting companies’ property stolen or lost causes huge security risks since fraudsters have a significant amount of time to infiltrate the device. It has to be noted that NASA does employ more than 17,000 people, so some of them are bound to lose or get equipment stolen, even if cybercriminals are not targeting NASA directly.
To conclude its findings, OMB states that while NASA does continue to make progress in securing its networks and information systems, its cybersecurity program remains ineffective.
Out of all the major federal agencies, NASA is one of few with a decreased cybersecurity budget. The budget for digital security purposes decreased by $3.1 million in 2019.
Almost all other institutions saw increases in their cybersecurity budgets. The fact that NASA had one of the biggest increases in cyber incidents might lead to the conclusion that the decrease in the cybersecurity budget had a direct negative impact.
The Department of Defense (DOD) received around 50% of the federal cybersecurity budget in 2019, which is over $8.5 billion. In comparison to 2018, DOD received an additional $479 million.
The second in line is the Department of Homeland (DHS) security, with $2.59 billion funds for cybersecurity purposes in 2019. In contrast to 2018, the DHS cybersecurity budget grew by $731.9 million. In other words, cybersecurity spending at DHS increased by over 39%
Funds dedicated to strengthening IT infrastructure increased in all remaining mentioned agencies.
The increases in cybersecurity spending can be attributed to federal agencies moving towards electronic data storage to maintain records. Adequate cybersecurity measures to protect this sensitive data are essential for sustaining public confidence in the federal government.
Even though the number of cyber incidents at NASA increased by 366%, according to the United States Senate, many other federal agencies are inadequately protected as well. Federal agencies continue to find it challenging to protect internal networks even with billions of dollars designated for cybersecurity purposes.
The complexity, technological diversity, geographical decentralization of government networks are the main digital security challenges that these institutions face.
Besides, federal agencies still run on systems supported by outdated languages. Year-by-year, these systems require more funds to maintain. One of the most essential recommendations by Congress is that the federal government must modernize their systems regularly and systematically.