“Six calculator servers associated amongst IT [information technology] assets that command spacecraft as well as comprise critical information had vulnerabilities that would let a remote assaulter to accept command of or homecoming them unavailable,” the audit study released today (March 28) past times Inspector General Paul K. Martin said.
“The assaulter could purpose the compromised computers to exploit other weaknesses nosotros identified, a province of affairs that could severely degrade or cripple NASA’s operations,” the study continued. “We besides found network servers that revealed encryption keys, encrypted passwords, as well as user delineate of piece of employment concern human relationship information to potential attackers.”
It is non odd for previously unknown network safety holes to hold upwards found inwards large organizations. In that light, Martin’s audit mightiness get got been seen equally positive for revealing the vulnerabilities.
But it’s long been known that safety on NASA networks is weak. Martin’s component subdivision released a previous audit study near a yr ago, as well as since thence cypher has been done to remedy the situation.
“In a May 2010 audit report, nosotros recommended that NASA straight off found an IT safety oversight plan for this telephone substitution network,” today’s study reads. “However, fifty-fifty though the Agency concurred amongst the recommendation it remained unimplemented equally of Feb 2011.”
“Until NASA addresses these critical deficiencies as well as improves its IT safety practices,” it goes on to say, “the Agency is vulnerable to calculator incidents that could get got a severe to catastrophic lawsuit on Agency assets, operations, as well as personnel.”
Influenza A virus subtype H5N1 Government Accountability Office study inwards Oct 2009 was similarly critical of the agency, finding that “NASA has non all the same fully implemented telephone substitution activities of its information safety plan to ensure that controls are appropriately designed as well as operating effectively.”
NASA’s servers get got been broken into many times inwards the past. Martin’s novel study mentions 2 serious breaches inwards 2009, during ane of which intruders stole “22 gigabytes of export-restricted information from a Jet Propulsion Laboratory (JPL) calculator system.”
British hacker Gary McKinnon is awaiting extradition to the the U.S. of A. for allegedly hacking into NASA’s networks, equally good equally those of the Department of Defense, inwards 2001 as well as 2002.
Martin’s component subdivision recommends that NASA “expedite implementation of our May 2010 recommendation to found an IT safety oversight plan for NASA’s Agency-wide mission network.”
You tin move read the sum study : http://oig.nasa.gov/audits/reports/FY11/IG-11-017.pdf
Submitted By : Samad Khan (Con5tanTine)
Share This :
comment 0 Comments
more_vert