A Closer Look at GAO's Recommendations for NASA's Acquisition Policies

In May 2024, the Government Accountability Office (GAO) issued a report titled "NASA Cybersecurity: Plan Needed to Update Spacecraft Acquisition Policies and Standards," emphasizing NASA's urgent need to improve its cybersecurity measures in the context of spacecraft procurement. This report is important because it sheds light on the present condition of NASA's cybersecurity policies, exposing both strengths and weaknesses in its approach to protecting spacecraft from potential cyber threats.

The GAO report thoroughly reviews how NASA incorporates cybersecurity into its spacecraft contracts and investigates whether any modifications to procurement policies and standards are required to strengthen protection against cyber threats. The findings indicate that, while NASA has made progress in adopting cybersecurity standards established in 2019 into its spacecraft projects, there is a considerable lag in updating these rules to require the adoption of newer and more stringent cybersecurity safeguards. For example, projects such as the Gateway Power and Propulsion Element, Orion Multi-Purpose Crew Vehicle, and Spectro-Photometer for the History of the Universe, Epoch of Re-ionization, and Ices Explorer were carried out in accordance with existing cybersecurity requirements, demonstrating NASA's commitment to mission security. However, these efforts are hampered by the slow pace at which improved cybersecurity measures are formalized and implemented across the board.

The GAO study raises concerns about the optional nature of the 2023 space best practices guide, which incorporates revised cybersecurity principles and procedures. The guide's voluntary status implies that implementation varies by project, resulting in variations in how cybersecurity is managed throughout NASA's space programs. Given the essential nature of NASA's operations, this patchwork adoption could make some projects more vulnerable to hackers than others, endangering not only the missions but also national security.

The GAO strongly recommends that NASA create a clear plan with timetables for updating its spacecraft acquisition policies to include these critical cybersecurity protections. By formalizing these standards, NASA can maintain a consistent level of cybersecurity across all of its spacecraft projects, reducing risks and improving the overall security posture of its operations.

In this environment, federal consultants play an important role in assisting federal government contractors, such as those working with NASA, to understand and comply with these changing cybersecurity regulations. For example:

  • Fed Contract Pros can help contractors understand the unique cybersecurity rules that apply to their projects and implement these practices throughout the contract lifecycle.

  • Fed Contract Pros can provide strategic assistance on how to maintain compliance with these requirements and help ensure that all areas of the contractor's activities are consistent with NASA's enhanced cybersecurity framework. Interested in more articles on cybersecurity? Consider reading our articles on Cloud Computing and Government Data or the Introduction of FAR part 40.

  • Consider Fed Contract Pros 1:1 coaching today, as we can serve as a vital resource when complying with these requirements.

Overall, the GAO's recommendations highlight the importance of a more proactive and unified approach to cybersecurity in space exploration. By embracing these recommendations, NASA can better protect its missions from an increasingly sophisticated landscape of cyber threats.

FedFeather Frank says:

“This report is critical for a federal government space contractor because it outlines essential updates to cybersecurity practices that directly impact contract compliance and security measures. If you have a deep involvement in federal contracting and focus on fostering efficient and secure contracting environments, understanding these updated guidelines will be instrumental in ensuring your projects align with the latest standards and protect against evolving cyber threats.”
