Cyber for IT, NASA and Beyond


The world has been struck by another cyber breach, and this time it concerns those who primarily operate in outer space. An unauthorised Raspberry Pi has breached NASA. You could be forgiven for thinking, well, if “NASA” can’t get it right, how can I? It must be harder than rocket science! This is a wake-up call for organisations that do not have a Cyber for IT approach.

Let’s not beat around the bush. Cybersecurity can be tricky.

However, looking at the audit report, NASA got a lot of basic things wrong for an organisation that would be a huge target. The IP these guys would hold, let alone the status gained from breaching such a big name, would be huge.

Clearly, they didn’t have the ability to detect rogue devices, quickly report on abnormal network traffic and, according to the report, adequately patch network devices to prevent lateral movement. These are all risks that have well-known and efficient remedies. However, we suspect that, as with many organisations we help, the problem starts at the top.

Management has allowed engineers and IT teams to manage the environment rather than creating strong cyber leadership (not IT), policies, procedures, and alerting systems to ensure compliance with requirements.

Too often, boards allow total freedom and creative licence to engineers and IT professionals who are not properly educated or tooled to understand and engage with risk. A Cyber for IT strategy must be adopted without delay, so that all IT activities and infrastructure are planned with a cybersecurity-focused mindset. Only with cyber-aware planning and a security operations centre can organisations detect threats and protect themselves against them in a prompt manner.

More often than not, when we get called to assist during a post-breach event, management advises us that “IT were looking after security”.

Just as we in the industry are realising that cybersecurity is a diverse problem that requires diverse thinking to solve, so must organisations learn that security is an organisational problem. Asking IT to include security within their budget is often the first step towards disaster and communications breakdown during a cyber incident.

 

Proper Cybersecurity Leadership is needed to set the path for IT.

Proper leadership for cyber requires a diverse-thinking risk team to first assess risks and identify key assets such as data, IP, functions, and people. Only then can we mandate and create proper policies and advise our IT teams about effective controls and KPIs, such as an advanced security operations centre, to protect environments.
