Image: iStockphoto/NicoElNino

There were 1,468 cyber incidents at NASA in 2019—an increase of a staggering 366%, according to data extracted and analyzed by Atlas VPN, which released the findings in a new report. As one of the nation’s most important federal agencies, “this is an alarming finding,” the company said.

Cyber incidents at NASA can affect national security, intellectual property, and individuals whose data could be lost due to data breaches. In its fiscal 2019 report to Congress (PDF), the Office of Management and Budget (OMB), said that even though NASA is continuously improving its security systems, a broad array of digital information and assets remain at risk.

Any attempted or actual unauthorized access, use, disclosure, or destruction of information is considered a digital security incident, Atlas VPN said. Digital incidents also include interfering with operations within the organization and violations of NASA’s computing policies and regulations, the company said.

OMB reviews government agencies annually. The office is also responsible for developing and overseeing the implementation of
policies, standards, and guidelines on cybersecurity in federal agencies.

SEE: VPN: Picking a provider and troubleshooting tips (free PDF) (TechRepublic)

In 2018, NASA experienced only 315 cyber incidents, according to Atlas VPN.

Incidents caused by improper usage increased the most, from 180 in 2018 to 1,329 in 2019, representing a 638% growth per year, the company said. Improper use is described as any incident resulting from a violation of an organization’s acceptable usage policies by an authorized user.

“For example, a user installs unapproved file-sharing software, leading to the loss of sensitive data; or a user performs illegal activities on a system,” Atlas VPN said.

Other incidents are various attack types that do not fit into any of the previously mentioned categories.

Although email attacks are one of the most common infections methods in public companies, they are not that common at NASA: Only six cases were registered in 2019, according to Atlas VPN.

Additionally, in 2019, staff lost or got the company’s equipment stolen 15 times, the company said. Lost or stolen corporate/governmental property causes huge security risks since fraudsters have a significant amount of time to infiltrate the device.

“It has to be noted that NASA does employ more than 17,000 people, so some of them are bound to lose or get equipment stolen, even if cybercriminals are not targeting NASA directly,” the company said.

NASA’s cybersecurity budget has decreased

In concluding its findings, the OMB stated that while NASA continues to make progress in securing its networks and information systems, its cybersecurity program remains ineffective, Atlas VPN said.

Out of all the major federal agencies, NASA is one of only a few with a decreased cybersecurity budget. The budget for digital security purposes decreased by $3.1 million in 2019.

“Interestingly, almost all other institutions saw increases in their cybersecurity budgets,” the company noted. “The fact that NASA had the biggest increase in cyber incidents might lead to the conclusion that the decrease in the cybersecurity budget had a direct negative impact.”

The Department of Defense (DOD) received around 50% of the federal cybersecurity budget in 2019, which is over $8.5 billion. In comparison to 2018, DOD received an additional $479 million, Atlas VPN said.

The second in line is the Department of Homeland (DHS) security, with $2.59 billion funds for cybersecurity purposes in 2019. In contrast to 2018, the DHS cybersecurity budget grew by $731.9 million, an increase of over 39%.

Funds dedicated to strengthening IT infrastructure increased in all remaining mentioned agencies, Atlas VPN said.

The increases in cybersecurity spending can be attributed to federal agencies moving toward electronic data storage to maintain records. Adequate cybersecurity measures to protect this sensitive data are essential for sustaining public confidence in the federal government, the company said.

Even though the number of cyber incidents increased the most at NASA, according to the US Senate (PDF), many other federal agencies are inadequately protected, the company said. Federal agencies continue to find it challenging to protect internal networks, even with billions of dollars designated for cybersecurity purposes.

“The complexity, technological diversity, [and] geographical decentralization of government networks are the main digital security challenges that these institutions face.”

Additionally, federal agencies still run on systems supported by outdated languages. Year-by-year, these systems require more funds to maintain, Atlas VPN said. “One of the most essential recommendations by Congress is that the federal government must modernize their systems regularly and systematically.”