Report: NASA cybersecurity incidents increase by 366% in 2019

The federal agency’s cybersecurity budget was cut by $3.1 million last year

An example of a nanosatellite in space, NASA's CubeSat (photo credit: NASA)
An example of a nanosatellite in space, NASA's CubeSat
(photo credit: NASA)
 Cyber security incidents at NASA increased by 366% last year, according to data collected and analyzed by virtual network provider Atlas VPN and published this week.
Atlas VPN extracted cyber security incident data from NASA for 2018 and 2019, sourced from the Office of Management and Budget, which is responsible for reviewing government agencies annually as well as overseeing the implementation of policies and guidelines on cyber security in federal agencies.
According to the findings, a total of 1,468 cyber incidents were found at NASA in 2019, compared to only 315 in 2018 – a 366% increase.
The company called this an "alarming finding," citing the cyber incidents at NASA could affect "national security, intellectual property, and individuals whose data could be lost due to data breaches."
Any attempted or actual unauthorized access, use, disclosure, or destruction of information is considered a digital security incident, according to Atlas VPN, as is interfering with operations within the organization and violations of NASA’s computing policies and regulations.
The findings further indicated that cyber security incidents caused by "improper usage" increased the most, from 180 incidents in 2018 to 1,329 incidents in 2019, representing a 638% growth per year.  Atlas VPN described improper use as "any incident resulting from a violation of an organization's acceptable usage policies by an authorized user."
Adding that an example of this would include if a user "installs unapproved file-sharing software, leading to the loss of sensitive data or performs illegal activities on a system."
The report also noted that there were only six cases of email attacks on NASA in 2019, despite this being one of the most common attack methods in public companies. 
Additionally, in 2019 the company's equipment was lost or stolen 15 times, which Atlas VPN said, may pose "huge security risks since fraudsters have a significant amount of time to infiltrate the device."   However, the company noted that NASA employs more than 17,000 people, and some equipment is bound to get lost or stolen, regardless of cybercrime targeting NASA directly.
The report also found that while the US government increased its federal cybersecurity spending in 2019 by nearly $2 billion, NASA's cyber security budget decreased by $3.1 million that same year.
"The fact that NASA had one of the biggest increases in cyber incidents might lead to the conclusion that the decrease in the cybersecurity budget had a direct negative impact," Atlas VPN wrote.