NASA: Government Organization Policy Evaluation Research Paper

Exclusively available on Available only on IvyPanda® Made by Human No AI

Introduction: Historical Reference Points On NASA

It should be noted that NASA is an independent government agency and part of the United States federal government, which functions as an operator in civilian space programs as well as research related to space. It was established in 1958, which emerged from its predecessor, the National Advisory Committee for Aeronautics or NACA (Bizony et al., 2019). The main difference was rooted in the fact that NASA was oriented as a civilian agency with a pure interest in sciences related to space with military functional elements.

Discussion on the Cybersecurity Policies of NASA

It is important to note that “much of the United States’ critical infrastructure relies on space systems” (Falco, 2018, p. 1). In other words, practically all critical infrastructure elements are dependent on the space assets, making space systems the most important critical infrastructure of all. The examples include “agribusiness’ reliance on weather and climate satellites, the U.S. military’s reliance on intelligence satellites, and various transportation industries’ reliance on global positioning system (GPS) satellites” (Falco, 2018, p. 1). Therefore, it is important to note that NASA’s essentiality among all critical infrastructures makes the agency a prime and ultimate target for cyber attacks. Thesis: Although NASA’s cybersecurity measures are effective for the most part in areas such as decentralized cybersecurity, data inaccessibility, and access restriction, it fails in regards to assessment of its cyber defenses resulting in non-adherence to national security standards and carrying significant risk to the latter.

It is stated that “the Agency’s vast online presence of approximately 3,000 websites and more than 42,000 publicly accessible datasets also makes it highly vulnerable to intrusions” (Office of Inspector General, 2021, p. 3). In accordance with the global trend of cyber threat increases across all private and public spaces, NASA is also becoming a major target for hackers (Johnson, 2015). Given NASA’s importance and interconnectedness to other critical infrastructure elements, a plausible scenario that major breaches could tax society significantly (Guiora, 2017). Thus, NASA’s cybersecurity readiness and preparedness, as well as resilience, are of paramount importance.

One should be aware that NASA invests heavily in its cyber security programs and systems. These operations are primarily managed by NASA OCIO Cybersecurity & Privacy Division (CSPD), which provides cost-effective services in cyber security, decreases the number of barriers to improve cross-agency collaboration, and removes identified vulnerabilities (Bizony et al., 2019). NASA has a set of strict regulatory policies in regard to cybersecurity and privacy of sensitive information used, accepted, and disclosed by the agency.

All personnel working at NASA must comply with the NASA Cybersecurity and Privacy Rules of Behavior or NASA ROB, where “unauthorized or improper use of NASA IT may result in the suspension or revocation of access to NASA IT, and disciplinary action, as well as civil and criminal penalties” (National Aeronautics and Space Administration, 2021, p. 2). The examples include a “mobile phone, tablet, computer, Internet of Things (IoT) device, or wearable technology that does not have a valid Authority To Operate (ATO) from a NASA Authorizing Official (AO), regardless of who provided or owns the device” (National Aeronautics and Space Administration, 2021, p. 2). Thus, NASA takes matters of cybersecurity and privacy seriously where all potential aspects of the operations are controlled and strictly regulated.

How the Policy Hardens Networks

NASA has implemented a number of measures to ensure that its cybersecurity is strong and resilient. The agency made the access control policies significantly stricter for all its providers and engineers, which were partly described in the previous sections, such as NASA ROB. Therefore, “this will help guard against some of the phishing attacks used against NASA employees in the past that steal credentials and access valuable intellectual property” (Falco, 2018, p. 16). In the past, the Office of the Chief Information Officer or OCIO was responsible for agency-wide cybersecurity measures, but it recognized that it is incapable of ensuring proper cybersecurity for both mission systems as well as NASA’s labs. Thus, “NASA’s Jet Propulsion Laboratory (JPL) created the Cyber Defense Engineering and Research Group (CDER). CDER’s goal is specifically to address mission systems” (Falco, 2018, p. 16). In other words, the current NASA cybersecurity system is decentralized.

Pros of the Policies

Moreover, NASA is implementing a wide range of effective encryption programs to encrypt its data. For example, “at the end of 2016, AT&T encrypted NASA’s Deep Space Network (DSN), which is the foundation of communication infrastructure for technology such as the Mars Rover” (Falco, 2018, p. 16). In other words, the agency is making its data highly inaccessible to external threats even if all other systems are breached. It is a plausible and effective strategy to ensure that NASA’s data is only usable by the agency itself.

Cons of the Policies

Although NASA plays a critical role in ensuring national security as an agency playing a central role in the functionality of all other critical infrastructure elements, the practical assessments of NASA’s cybersecurity measures show the inherent weaknesses of the systems utilized in the organization. The first and major issue is the fact that “NASA conducts its assessment and authorization (A&A) of IT systems inconsistently and ineffectively, with the quality and cost of the assessments varying widely across the Agency” (Office of Inspector General, 2021, p. 15). These assessments are mandatory to ensure that the utilized systems are meeting the standard requirements and adhering to national security mandates.

Despite the recent efforts to ensure better cybersecurity at the agency, it is important to emphasize that cyber attackers are becoming “more aggressive, organized, and sophisticated, managing and mitigating cybersecurity risk is critical to protecting NASA’s vast network of information technology systems from malicious attacks or breaches that can seriously inhibit the Agency’s ability to carry out its mission” (Office of Inspector General, 2021, p. 20). Therefore, it is of paramount importance to constantly track and monitor the effectiveness of the currently implemented systems in order to ensure that NASA is willing to the given arms race, which can only be done by regular and efficient assessment procedures.

Therefore, the lack of consistent and effective assessment and authorization programs at NASA hinders national security on a massive scale due to the core importance and interconnectedness of NASA’s operations and its influence on all other critical infrastructure elements. Despite the effective measures undertaken by the agency, NASA cannot be secure and resilient enough due to its highly paramount role in the overall national security of the United States. Full and reliable cybersecurity can only be ensured if an integrated and systematic approach is applied. The cybersecurity system must be built taking into account all current threats and vulnerabilities, also taking into account those threats that may arise in the future. Therefore, it is important to provide support for continuous monitoring, which must operate on a daily basis around the clock.

Preventing Exploitation of Vulnerabilities

A prerequisite is to ensure control at each stage of the life cycle of information, from the moment of its arrival and ending with the loss of its relevance or destruction of data. The use of a multi-level integrated information protection system is definitely more effective than the use of individual cybersecurity methods. At the same time, cybersecurity is only one of the areas that need to be addressed. Given the ever-increasing computerization of all spheres of business and the increase in the number of electronic transactions, these threats are also rapidly developing. In search of ways to obtain classified information and harm organizations, cybercriminals are actively using modern technologies and software solutions. Their actions can cause significant damage, including in the form of direct financial losses or loss of intellectual property.

Biblical Foundations

In the case of biblical implications, the Bible supports self-reflection and self-assessments. It is stated: “Examine yourselves, to see whether you are in the faith. Test yourselves. Or do you not realize this about yourselves, that Jesus Christ is in you?—unless indeed you fail to meet the test” (Holy Bible, King James Bible, 1769/2017, Corinthians 13:5). In other words, the presence of inconsistent and ineffective assessment and authorization programs as NASA illustrates that the agency does not adhere to key biblical practices monitoring and tracking progress in the face of evil, which includes cyber threats and cyber-attacks.

The Bible states: “two are better than one; because they have a good reward for their labour. For if they fall, the one will lift up his fellow: but woe to him that is alone when he falleth; for he hath not another to help him up. Again, if two lie together, then they have heat: but how can one be warm alone?” (Holy Bible, King James Bible, 1769/2017, Ecclesiastes 4:9-11). In other words, the verses support the decentralized cybersecurity at NASA, where the Office of the Chief Information Officer handles NASA’s labs and Cyber Defense Engineering and Research Group protects mission systems.

Conclusion

In conclusion, NASA is a highly important agency in the critical infrastructure network because all other elements rely on the space assets’ functionality and security. NASA utilizes a decentralized approach towards cybersecurity, encrypts its data, and restricts the accessibility of its data to providers and engineers. However, it fails to conduct consistent and effective assessment and authorization procedures, which carries a serious national security risk. Although the Bible supports NASA’s best practices, it condemns the lack of self-analysis.

References

Bizony, P., Chalkin, A., & Launius, R. (2019). The NASA archives. 60 years in space. TASCHEN.

Falco, G. (2018). [PDF document].

Guiora, A. N. (2017). Cybersecurity: Geopolitics, law, and policy. Routledge.

Johnson, T. A. (2015). Cyber-security: Protecting critical infrastructures from cyber attack and cyber warfare. CRC Press.

(2017). King James Bible Online. (Original work published 1769)

National Aeronautics and Space Administration. (2021). .

Office of Inspector General. (2021).

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2023, March 30). NASA: Government Organization Policy Evaluation. https://ivypanda.com/essays/nasa-government-organization-policy-evaluation/

Work Cited

"NASA: Government Organization Policy Evaluation." IvyPanda, 30 Mar. 2023, ivypanda.com/essays/nasa-government-organization-policy-evaluation/.

References

IvyPanda. (2023) 'NASA: Government Organization Policy Evaluation'. 30 March.

References

IvyPanda. 2023. "NASA: Government Organization Policy Evaluation." March 30, 2023. https://ivypanda.com/essays/nasa-government-organization-policy-evaluation/.

1. IvyPanda. "NASA: Government Organization Policy Evaluation." March 30, 2023. https://ivypanda.com/essays/nasa-government-organization-policy-evaluation/.


Bibliography


IvyPanda. "NASA: Government Organization Policy Evaluation." March 30, 2023. https://ivypanda.com/essays/nasa-government-organization-policy-evaluation/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
Privacy Settings

IvyPanda uses cookies and similar technologies to enhance your experience, enabling functionalities such as:

  • Basic site functions
  • Ensuring secure, safe transactions
  • Secure account login
  • Remembering account, browser, and regional preferences
  • Remembering privacy and security settings
  • Analyzing site traffic and usage
  • Personalized search, content, and recommendations
  • Displaying relevant, targeted ads on and off IvyPanda

Please refer to IvyPanda's Cookies Policy and Privacy Policy for detailed information.

Required Cookies & Technologies
Always active

Certain technologies we use are essential for critical functions such as security and site integrity, account authentication, security and privacy preferences, internal site usage and maintenance data, and ensuring the site operates correctly for browsing and transactions.

Site Customization

Cookies and similar technologies are used to enhance your experience by:

  • Remembering general and regional preferences
  • Personalizing content, search, recommendations, and offers

Some functions, such as personalized recommendations, account preferences, or localization, may not work correctly without these technologies. For more details, please refer to IvyPanda's Cookies Policy.

Personalized Advertising

To enable personalized advertising (such as interest-based ads), we may share your data with our marketing and advertising partners using cookies and other technologies. These partners may have their own information collected about you. Turning off the personalized advertising setting won't stop you from seeing IvyPanda ads, but it may make the ads you see less relevant or more repetitive.

Personalized advertising may be considered a "sale" or "sharing" of the information under California and other state privacy laws, and you may have the right to opt out. Turning off personalized advertising allows you to exercise your right to opt out. Learn more in IvyPanda's Cookies Policy and Privacy Policy.

1 / 1