NASA Faces Security Scrutiny

By: Absolute Team | 3/14/2012

The big news in data breaches this week comes from NASA. According to a report just presented [PDF] to the US House of Representatives, hackers were able to successfully access mission systems at NASA on numerous occasions in 2011. In addition to this, it has been revealed that a laptop stolen from NASA contained algorithms used to command and control the International Space Station (ISS).

NASA Plagued by APTs

According to the report, hackers using Chinese IP addresses gained access to the IT systems of the Jet Propulsion Laboratory where they were able to steal information and manipulate high-profile user accounts.

Statistically speaking, NASA was hit with 47 advanced persistent threat (APT) attacks; 13 were successful, a 28% success rate. These successes were possible despite NASA spending $58 million on IT security for 2011.

The report by NASA's inspector general, Paul Martin, concluded that a number of issues contributed to these attacks: the CIO role is not clearly defined and lacks authority over some IT assets; encryption isn't widely used (on only 1% of devices); the transition to cloud computing was not done securely; and cyber attacks continue to become more sophisticated.

Lost & Stolen Computers at NASA

In addition to the APT threats, the NASA report reveals that 48 devices were lost or stolen between April 2009 and April 2011. The missing laptops contained personally identifiable information, third-party intellectual property, Social Security Numbers (SSNs), and sensitive NASA data. The most notable of the breaches involved information about the command and control of the International Space Station (ISS).

According to the report, NASA has no way to accurately determine the exact data on the missing devices, instead relying on employee memory.

Given the increase in the use of laptops and other mobile devices, it's clear that NASA is lagging in terms of agency-wide data protection policies and solutions.

Don't let your company fall behind too - take this time to do a risk assessment and consider more proactive security measures. Ask us how we can help.
