NASA‘s inspector general has called on the space agency to establish a framework to coordinate physical and cyber efforts.
The space agency’s use of information technology equipment to control physical processes makes operational technology systems vulnerable to security challenges such as malicious hacking, NASA’s IG said in a report published Wednesday.
The report noted NASA has yet to define operational technology, create a centralized inventory of OT systems and establish a standard protocol to secure systems that contain OT components.
NASA should identify systems that incorporate OT components since the application of traditional IT security measures to OT systems may cause malfunction, the IG said.
The report found that an IT security patch led to a fire in an engineering oven that destroyed spacecraft hardware.
Auditors said NASA lacks sufficient awareness of OT systems; training focused on OT equipment protection; and policies that distinguish OT from IT systems.
The agency has yet to establish an integrated risk management approach for physical and cyber security assets which has led to duplicate efforts and gaps in security planning and risk remediation.
The report stated that insufficient guidance, oversight, funds and record keeping limits visibility and insight into NASA’s infrastructure protection measures and impedes the agency’s capacity to secure assets.
NASA IG recommended the agency to create a standardized process to assess cyber and physical assets; include appropriate personnel in the reviews of critical infrastructure assets; and form security policy and procedures for OT protection.
The IG also called on NASA to establish an integrated cyber and physical risk management committee or oversight body to support NASA’s efforts to protect OT systems.