When the U.S. government partially shut down December, furloughing almost all NASA employees for 35 weeks, missed paychecks and postponed science weren’t the only issues NASA needed to be worried about. The shutdown also threatened the agency’s cybersecurity, NASA officials stated in a post-shutdown town hall meeting Tuesday (Jan. 29).
“NASA is just one of those — it’s the most attacked agency at the federal government when it comes to cybersecurity,” NASA Administrator Jim Bridenstine told a room filled with NASA workers at the town hall, that took place at the agency’s headquarters in Washington, D.C.
“Round the world there are authorities that are very, very interested in what we’re doing, since technology finally determines the balance of power on Earth, and we are doing things that are very, very innovative technologies,” Bridenstine said. “There are people who’d really like to use it not for the benefit of humanity, but because of their own power purposes.” [Government Shutdown May Have Done Long-Term Damage to NASA]
While nearly 95 percent of the bureau’s employees could not come to work through the government shutdown, those working in NASA’s Security Operations Center (SOC) never ceased fighting cybersecurity threats, Renee Wynn, NASA’s Chief Information Officer, said during the city hall. The centre, located at NASA Ames Research Center in California, operates 24/7 each day of this year, regardless of what. “No snow prevents them from coming and taking good care of and monitoring what is happening in our networks,” Wynn said.
“We do have to safeguard your data, and we have to protect the integrity of all the information that NASA gets and shares,” Wynn said. “That is our primary driver in cybersecurity. [It’s] our name, our reputation — which is via our data and the science, engineering, math and engineering found through that.”
Episodes were researched by the SOC and they noted that, the agency confronted about a single cybersecurity threat each day, on average, Wynn said. This doesn’t automatically signify that hackers have been breaking into NASA computers every single day. A NASA employee losing their authorities telephone counts as a safety threat. “Please stop decreasing your devices,” Wynn told the NASA workers inside the room.
Because of the indispensability of the SOC,”cybersecurity at the very part was totally functional” through the shutdown, Wynn said. “I say’at the most part,’ because we had to consider capital conservation, and so while cybersecurity is crucial, you will find things that are more significant than anything else.”
By way of instance, some NASA sites had to be taken down during the shutdown because their website certificates had died\. “We abandoned our sites up until they posed a threat to the agency,” Wynn said. Sites deemed insecure could possibly be vulnerable to hacking, placing NASA’s information at risk. Over the course of the 35-day shutdown, NASA took down at least 35 websites because their security certificates died, Wynn stated. “We took them down since the data on [them] wasn’t crucial to shutdown or to a particular active role in the bureau.”
NASA employees who stayed during the shutdown on the job had problems as they were not able to renew software permits and install security patches running software programs in their computers. “If you don’t have a license for your software, you are not getting the stains, and then also we receive fixes every single day for several of the applications we perform,” Wynn said. On their first day back at work after the shutdown ended, furloughed employees had to patiently wait for their computers to install all of the upgrades and security patches before they can return to work.
Regardless of any security concerns caused by the shutdown, Wynn had been happy to report the latest scan from the Department of Homeland Security revealed that NASA”had no external-facing, crucial problems,” she explained. “In my opinion, for now, we obtained through this really well.”