Aeronautical Communications Featured Article
NASA Inspector General Concludes Agency Computers Vulnerable to Cyber-Attacks
There are few large-scale computer systems today that don't – at some point – experience attacks or attempted attacks from hackers. Chances are, if you have a credit card or ATM card, at some point, a merchant has informed you of a breach in their system (and stored personal data) that required you to change your credit card and perhaps take advantage of free credit monitoring service paid for by the merchant.
But let's face it, not all computer networks are created equal. While a breach in T.J. Maxx's network might be inconvenient for many, it's unlikely to get anyone killed. So you'd think critical government agencies, for example, would take better care.
NASA's inspector general concluded this week that computer servers used by the space agency to control spacecraft were vulnerable to cyber-attack through the Internet, reported AFP.
“We found that computer servers on NASA's agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet,” NASA inspector general Paul Martin said in a report that concluded an audit of NASA's network security. “Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable,” said the report.
Apparently, a malicious hacker who managed to penetrate the network could use compromised computers to exploit other weaknesses and “severely degrade or cripple NASA's operations.”
The inspector general's audit of NASA's computer security reportedly found system-wide holes such as network servers that revealed encryption keys (oops!) encrypted passwords, and user account information.
“These data are sensitive and provide attackers additional ways to gain unauthorized access to NASA networks,” the report said.
The inspector general warned that “until NASA addresses these critical deficiencies and improves its IT security practices, the agency is vulnerable to computer incidents that could have a severe to catastrophic effect on agency assets, operations, and personnel.”
You'd think they'd be onto this already. In 2009, hackers infected a computer system that supports one of NASA's mission networks. “Due to the inadequate security configurations on the system, the infection caused the computer system to make over 3,000 unauthorized connections to domestic and international Internet Protocol (IP) addresses including addresses in China, the Netherlands, Saudi Arabia, and Estonia,” recalled the report.
Also in 2009, hackers stole 22 gigabytes of export-restricted data from a computer system at the Jet Propulsion Laboratory (JPL), a federally funded NASA research and development center in Pasadena, California.
The inspector general recommended that NASA immediately act to mitigate risks on Internet-accessible computers on its mission networks and carry out an agency-wide IT security risk assessment.
Tracey Schelmetic is a contributing editor for TMCnet. To read more of Tracey's articles, please visit her columnist page.
Edited by Janice McDuffee