
NASA still falling short on IT security

A review by a NASA inspector general finds the space agency needs to improve

Unencrypted laptops, unpatched software and advanced attacks from hackers are putting U.S. technical know-how at risk if NASA doesn't take a stronger IT security stance, according to a report released on Wednesday by the agency's inspector general.

NASA is a regular target of cyber attacks due to its more than 550 systems that house "information highly sought after by criminals," wrote NASA Inspector General Paul K. Martin.

Martin's testimony before a subcommittee of the House Committee on Science, Space and Technology summarized previous Inspector General audits of NASA IT security and made recommendations for the space agency.

NASA reported 5,408 computer security incidents in 2010 and 2011 that resulted in either malicious software installed on its systems or unauthorized intrusions, Martin wrote.

The resulting theft of export-controlled data and other information cost the agency more than US$7 million, Martin wrote.

"NASA needs to improve agency-wide oversight of the full range of its IT assets," he wrote.

One problem area: laptops. As of the beginning of this month, only 1 percent of NASA's laptops and portable devices were encrypted. Between April 2009 and April 2011, 48 mobile computing devices with sensitive data were stolen or lost, the report said.

In another area of weakness, only 24 percent of applicable computers on a mission network were monitored for critical software patches, the report said. Only 62 percent were monitored for technical vulnerabilities, according to an Inspector General audit from May 2010.

In fiscal 2011, NASA was also targeted by 47 "advance persistent threats," or cyber attacks that seek to steal data while being undetected for a long period of time.

Thirteen of those attacks successfully compromised agency computers, Martin wrote. In one of those attacks, intruders stole credentials of more than 150 NASA employees, which could have been used to gain access to NASA systems.

Another attack, which originated from Chinese-based IP (Internet Protocol) addresses, targeted the Jet Propulsion Laboratory. In that attack, the intruders "gained full access to key JPL systems and sensitive user accounts."

"The attackers had full functional control over these networks," the report said.

In another area, auditors found that NASA failed to properly erase computers used for the Space Shuttle program before offering the machines for sale.

Investigators discovered "excessed hard drives in an unsecured dumpster accessible to the public at one center," the report said.

