Protection from Cyber Crime: NASA Security Operations Center (SOC)

Source: Andrea M. Riso, Ames Research Center

Protecting NASA's Networks

President Obama's declaration making cyber security a top national and economic security priority explains that there are thousands of attempts to penetrate sensitive networks to steal our nation's secrets and technology every day.

The Security Operations Center (SOC) is NASA's nerve center for detection and monitoring of security incidents for the Agency, providing continuous, uninterrupted event detection, situational awareness, incident management and tracking. The SOC maintains a sound and secure information assurance posture for more than 100,000 devices (including telephones) and users across NASA.

NASA's state-of-the-art SOC accomplishes detection through innovative solutions, utilizing proprietary systems to track and manage incident response activity, consolidating Agency-wide coordination and communication.

The SOC works side-by-side with NASA's Computer Forensics and Incident Analysis (CFIA) team and the Cyber Threat Analysis Program (CTAP), which focus on addressing the most serious threats, mapping information between threats to NASA and NASA's inherent vulnerabilities. The SOC also performs penetration testing for NASA to determine security weaknesses, with an enterprise-wide ability to identify and respond to security incidents.

The NASA SOC, at the forefront of technological development, has capabilities including: real-time detection of malware-infected NASA systems; effective blocking of access to malicious exploit sites; prevention of beaconing and data loss; an effective multi-layer defense; and critically important real-time intelligence. These capabilities serve NASA's uniquely diverse technological environment of scientists, engineers and others, supporting a multitude of operating systems.

Inside the SOC

The SOC invests in the testing and development of advanced technologies to address growing cyber-security needs, including cloud computing. SOC personnel are heavily involved in establishing best practices in securing virtual environments and developing cutting-edge techniques in alignment with SOC performance of incident handling, response and forensics.

Additional SOC services include:

  • System monitoring.
  • Network flow monitoring.
  • Log aggregation, correlation and analysis.
  • Vulnerability detection and management.
  • Threat management and tracking.
  • Incident coordination and management.
  • Computer forensics analysis.
  • Malware analysis and reverse engineering.
  • Advanced persistent threat defense.
  • Threat notification.
  • SOC help desk.

Collaborating with external agencies, offices and organizations including the US-CERT, Forum for Incident Response and Security Teams (FIRST) and the Bay Area CSO Council, the SOC also works closely with the FBI and Counterintelligence (CI) to mitigate threats and vulnerabilities. In partnership with CI, the SOC also determines current and future Cyber Terrorism threats, in addition to supporting investigations and prosecutions of cyber criminals.

NASA's SOC is tracking, monitoring and reporting issues 24x7x365. For more information or to report an issue, contact 1-877-NASA-SEC (1-877-627-2732) or soc@nasa.gov.

NASA: A Leader in Federal Efforts Against Cyber Crime

NASA's efforts around cyber security have prompted Vivek Kundra, the Chief Information Officer of the United States, to ask NASA to take the lead in forming a task force to demonstrate to other Agencies a pragmatic way to implement cyber security using automated systems.