Above the Cloud: Enhancing Cybersecurity in the Aerospace Sector

Abstract

Congressional testimony shows that NASA’s Jet Propulsion Lab was under sustained cyber attacks for years. Yet this episode was only part of a string of some thirteen successful breaches in 2011 alone, prompting an investigation by the NASA Office of Inspector General, which stated: “We found that computer servers on NASA’s Agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet.” The report goes on to note, “[t]hese deficiencies occurred because NASA had not fully assessed and mitigated risks to its Agency-wide mission network and was slow to assign responsibility for IT security oversight to ensure the network was adequately protected.” Yet NASA is far from the only victim in the air and space sector of cyber attacks. Organizations ranging from defense contractors like Lockheed Martin to SpaceX have been targeted, and sometimes penetrated, resulting in the loss of invaluable trade secrets that impact economic competitiveness and national security alike. This Article argues that a polycentric response is needed to manage the cyber threat to the aerospace sector. As part of this approach, aerospace organizations should utilize the recently released National Institute for Standards and Technology Cybersecurity Framework to better protect their assets by instilling cybersecurity best practices from the bottom up, and should engage in more robust information sharing, similar to recent efforts in the critical infrastructure and retail sectors. Assistant Professor of Business Law and Ethics, Indiana University; Senior Fellow, Center for Applied Cybersecurity Research; W. Glenn Campbell and Rita Ricardo-Campbell National Fellow, Stanford University Hoover Institution. Post-Graduate Fellow, Center for Applied Cybersecurity Research. 373fiu_10-2 S heet N o. 44 S de B 011/2016 0819:25 37333-fiu_10-2 Sheet No. 144 Side B 01/11/2016 08:19:25