You may be thinking to yourself, “What does my business have to do with NASA?” Sure, part of NASA’s charter is to explore the unknown, but they’re not so unlike you. Like you, they are managing web applications, software, and data that, if it falls into the wrong hands, could have disastrous implications. Like you, they also have to battle hackers.
NASA manages more than 1,000 web applications and also has the responsibility to share scientific information, which leaves it open to many IT security challenges, such as stolen identity credentials, phishing, malware, and an aging IT infrastructure.
To try and counteract these headwinds, there are nine items on NASA’s cybersecurity to-do list for 2018, and we believe you should be inspired to address these priorities as well:
1. Implement a risk management framework informed by intelligence and operations to improve our security posture and decision-making
2. Focus on mitigating compromise of users via credentials
3. Fully deploy the DHS Automated Indicator Sharing program
4. Enhance Security Operations Center capabilities including Continuity of Operations, high availability and disaster recovery
5. Fully deploy DHS’s EINSTEIN 3 Accelerated program capability in NASA
6. Deploy capability to work with missions to mitigate cybersecurity risks
7. Develop and train our IT workforce throughout NASA
8. Improve Center security reviews which will enhance the overall NASA security posture
9. Focus on upgrading and decommissioning obsolete hardware and software
Implement a risk management framework informed by intelligence and operations to improve our security posture and decision-making
Your defenses are only as good as the plans you put in place and how realistic a picture you have of where your greatest vulnerabilities lie. Two of the most important tasks to complete before finalizing your risk management framework: run a strenuous penetration test of your existing IT portfolio to find out where hackers can steal your data, and then complete a full vulnerability assessment so you have a clear idea of where to prioritize your security efforts.
Focus on mitigating compromise of users via credentials
Passwords are often reused, shared, stolen, and sometimes easily cracked. Once credentials are compromised, your data is at risk of being accessed, exfiltrated, or even maliciously manipulated. Having the right monitoring services and intrusion prevention and detection (IPS/IDS) services in place can go a long way toward counteracting this threat.
Fully deploy the DHS Automated Indicator Sharing program
This is part of the Department of Homeland Security’s (DHS) effort to create an ecosystem where, as soon as a company or federal agency observes an attempted compromise, the indicator is shared in real time with all of DHS’s partners in order to protect them from the threat. Working with a Managed Security Services Provider (MSSP) gives you the advantage of experienced cybersecurity experts who know how to protect you from tomorrow’s threats today.
Enhance Security Operations Center capabilities including Continuity of Operations, high availability and disaster recovery
With limited resources, many IT departments are forced to do the bare minimum: relying on automated systems and reports while missing data breach indicators living in their logs. Look for an MSSP who can deploy a Security Operations Center as a service with Security Information and Event Management monitored constantly, giving you real-time visibility into all your logs, security devices, clouds, and high-value assets – and the ability to mitigate any identified threats – so you can focus on your business.
Fully deploy DHS’s EINSTEIN 3 Accelerated program capability in NASA
EINSTEIN 3 is a DHS program that will help detect malicious traffic targeting Federal Government networks as well as prevent that traffic from harming those networks with intrusion prevention capabilities as a managed security service. Even if you’re not a government entity or in the public sector, you likely have compliance requirements you need to address for the industry in which you do business. Look for experienced MSSPs that can ensure compliance with the most important security regulations enforced worldwide.
Deploy capability to work with missions to mitigate cybersecurity risks
NASA has multiple missions – whether it’s a trip to Mars or sharing important scientific information with government entities – happening at any given time. Essentially, you need to make sure that all your endpoints, including anyone outside your network accessing your information, have not been infected by hackers and, by extension, will not spread that cancer into your IT environment. Look for tools to defend your endpoints with next-generation antivirus and activity recording.
Develop and train our IT workforce throughout NASA
NASA may be an outlier because it can attract some of the best and brightest minds in the world, but cybersecurity expertise is lacking for many enterprises today. Not only is it difficult to keep up with the latest threats, but there is also a shortage of cybersecurity expertise in the labor market, which will grow to 4 million people by 2020. Fill the gap by working with MSSPs who have experience protecting data, applications and software instead of taking time you don’t have to search, interview, hire, onboard, train and try to retain security experts.
Improve Center security reviews which will enhance the overall NASA security posture
It’s all about constantly reviewing your systems to see where you have weak points and having the expertise to know how to shore up those gaps. Work with MSSPs who can not only tell you where the holes are but also mitigate those vulnerabilities so you can keep your data secure.
Focus on upgrading and decommissioning obsolete hardware and software
NASA isn’t unlike many enterprises we work with that are looking long and hard at their existing IT portfolio and determining what they should move to the cloud, what they should keep on-premises, and how to manage the entire process. There’s more than meets the eye when it comes to cloud, and you should work with a vendor who has the experience to show you what will work for your specific business needs through a cloud readiness assessment, cloud roadmap design, and cloud migration services.
Cybersecurity doesn’t have to be the rocket science those at NASA deal with every day. US Cloud has the experience and tools you need to create a specialized strategy to bring greater awareness and enforcement that safeguards your network and cloud from emerging cyber threats. From penetration testing and vulnerability assessments to managed security plans, hyper secure cloud and next-generation security tools, US Cloud has you covered. Contact us and get a quote today.