NASA Focuses on Cybersecurity of Its Mission-Critical Software

The National Aeronautics and Space Administration is increasingly considering cybersecurity when evaluating software projects in order to minimize risk to its missions. The agency is also expanding educational outreach on cybersecurity as part of an effort to help grow the cybersecurity workforce, according to West Virginia's The State Journal.

NASA’s Katherine Johnson Independent Verification and Validation Facility's (IV&V) traditional function is to review software used by the space agency for bugs that could lead to mission failures. IV&V began performing ground systems in the mid-2010s, exploring what cybersecurity risks existed in the software and how NASA could be affected.

IV&V currently has about 12 practitioners working across one or two projects at any given time and has plans to expand, Manny Cordero, NASA IV&V deputy lead for the Safety and Mission Assurance Support office, told the newspaper.

"We combine traditional assurance and software engineering roles with the cybersecurity to independently assess the design, architecture, and structures of space systems," Cordero said. 

IV&V’s cybersecurity educational outreach program focuses on summer and year-long internships, as well as folding cybersecurity education into its other focus areas. And NASA's focus here will help the state's cybersecurity workforce grow. 

"Technology enables us, but technology can potentially be abused, and the right protections are needed," Cordero said. "That's beyond NASA. Much of our infrastructure, the way that we live and the way that we do business, heavily relies on it, and that reliance will continue to grow, so there's a need to close that talent gap that exists and build a sustainable cybersecurity workforce.”