NASA audit warns of "catastrophic" consequences from lax information security

29 March 2011

NASA’s ongoing information security shortcomings could have a “catastrophic effect” on the agency’s assets, operations, and personnel, warned the agency’s Office of the Inspector General (OIG).

The OIG audit found that six computer servers on NASA's agency-wide network, which control NASA spacecraft and contain critical data, had vulnerabilities that could allow a remote attacker to take control of them or render them unavailable.

“Moreover, once inside the agency-wide mission network, the attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple NASA’s operations”, the audit warned.

The OIG also found that attackers could obtain encryption keys, encrypted passwords, and user account information from network servers.

“These deficiencies occurred because NASA had not fully assessed and mitigated risks to its agency-wide mission network and was slow to assign responsibility for IT security oversight to ensure the network was adequately protected”, the report stressed.

An OIG audit in May 2010 found similar information security problems at the agency. That audit recommended that NASA establish an information security oversight program, a recommendation with which the agency concurred.

The 2011 audit observed that NASA had yet to set up the program. “Until NASA addresses critical deficiencies and improves its IT security practices, the agency is vulnerable to computer incidents that could have a severe to catastrophic effect on agency assets, operations, and personnel.”

The OIG recommended that NASA’s chief information officer (CIO) implement the May 2010 recommendations, identify internet-accessible computers on its networks and mitigate the risks posed by these computers, and conduct an agency-wide information security risk assessment. NASA CIO Linda Cureton concurred with the recommendations.

In September 2010, an OIG audit found that many of the information security plans of 29 agency and contractor systems at NASA failed to meet IT security requirements of the Federal Information Security Management Act (FISMA). That audit recommended establishing an independent verification and validation function to ensure that all FISMA requirements were met by the agency.
