Above the Cloud: Enhancing Cybersecurity in the Aerospace Sector
Florida International University Law Review, 2015, Forthcoming
33 Pages Posted: 23 Oct 2014
Date Written: October 21, 2014
Abstract
NASA’s Jet Propulsion Laboratory was under sustained cyber attacks for years, according to Congressional testimony. Yet this incident was only part of a string of some thirteen successful breaches in 2011 alone, prompting an investigation by the NASA Office of Inspector General, which stated: “We found that computer servers on NASA’s Agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet.” The report goes on to note, “These deficiencies occurred because NASA had not fully assessed and mitigated risks to its Agency-wide mission network and was slow to assign responsibility for IT security oversight to ensure the network was adequately protected.” Yet NASA is far from the only victim in the air and space sector of cyber attacks. Organizations ranging from defense contractors like Lockheed Martin to SpaceX have been targeted, and sometimes penetrated, resulting in the loss of invaluable trade secrets that impact economic competitiveness and national security alike. This Article argues that a polycentric response is needed to manage the cyber threat to the aerospace sector. As part of this approach, aerospace organizations should utilize the recently released National Institute for Standards and Technology Cybersecurity Framework to better protect their assets by instilling cybersecurity best practices from the bottom up, and engage in more robust information sharing similar to recent efforts in the critical infrastructure and retail sectors.
Keywords: cybersecurity, aerospace, space, aviation, NIST Framework, cyber attack, trade secrets
Suggested Citation: Suggested Citation