NASA is working through a unique set of challenges to implementing zero trust security architectures due to the age of some of its systems that tie back to launches decades ago of equipment in space that remains operable.
Mike Witt, Senior Agency Information Security Officer and CISO for cybersecurity and privacy at NASA, explained at a Federal News Network event on June 23 how the agency has to keep in touch with technology that is older than many of its employees.
“We’ve got things that are flying out in space and that we launched back in the 70s that are still out there,” he said. “That means to catch that communication back to it, we’ve still got a lot of legacy infrastructure on our network that we’ve got to make sure stays properly isolated so no harm comes at them.”
Witt went on to explain that NASA has blended zero trust measures into both its “normal enterprise delivery applications,” as well as working on better security for its legacy systems.
He also said NASA had embarked on the zero trust security path before the Biden administration mandated that course for Federal agencies in its cybersecurity executive order issued in May 2021.
“We were on the zero trust train already, and we were working with the Federal CIO Council and the Department of Homeland Security,” he said. “We had already started moving down that road to zero trust, so when the executive order came out, that was not new to us, other than just some of the requirements that came out of out of the executive order,” said Witt.