NASA had 5,408 computer security lapses in 2010 and 2011, including
the March 2011 loss of a laptop computer that contained algorithms used
to command and control the International Space Station (ISS), the
agency's inspector general told Congress Wednesday.
"These incidents spanned a wide continuum, from individuals testing
their skill to break into NASA systems, to well-organized criminal
enterprises hacking for profit, to intrusions that may have been
sponsored by foreign intelligence services seeking to further their
countries' objectives," Inspector General Paul Martin said in written
testimony before the House Science, Space and Technology Committee
investigations panel.
"Some of these intrusions have affected thousands of NASA computers,
caused significant disruption to mission operations, and resulted in the
theft of export-controlled and otherwise sensitive data, with an
estimated cost to NASA of more than $7 million," Martin said.
It's not known how& the number and scope of computer security
breaches at NASA compare to other federal agencies because NASA's Office
of the Inspector General is the only OIG that regularly conducts
international network intrusion cases, Martin added.
"NASA needs to improve agency-wide oversight of the full range of its IT assets," Martin wrote.
The security lapses include the loss or theft of 48 mobile computing
devices between April 2009 and April 2011, "some of which resulted in
the unauthorized release of sensitive data including export-controlled,
Personally Identifiable Information (PII), and third-party intellectual
property."
"For example, the March 2011 theft of an unencrypted NASA notebook
computer resulted in the loss of the algorithms used to command and
control the International Space Station," Martin wrote.
"Other lost or stolen notebooks contained Social Security numbers and
sensitive data on NASA's Constellation and Orion programs. Moreover,
NASA cannot consistently measure the amount of sensitive data exposed
when employee notebooks are lost or stolen because the agency relies on
employees to self-report regarding the lost data rather than determining
what was stored on the devices by reviewing backup files.
"Until NASA fully implements an agency-wide data encryption solution,
sensitive data on its mobile computing and portable data storage
devices will remain at high risk for loss or theft," Martin wrote.
NASA said it is aware of the problem and taking steps to step up its computer security programs.
"The NASA IT Security program is transforming and maturing," the
agency's chief information officer Linda Cureton said in her written
testimony to the same panel.
"NASA is increasing visibility and responsiveness through enhanced
information security monitoring of NASA's systems across the agency,"
she said.
Image: International Space Station -- at risk from hackers? Credit: NASA
http://news.discovery.com
No comments:
Post a Comment
You can comment here...