Categories: Security

NASA Still Insecure Post-McKinnon Report Warns

According to a report from the Government Accountability Office released on 15 Oct., “NASA [does] not consistently implement effective controls to prevent, limit and detect unauthorised access to its networks and systems.”

While the report found that “NASA has made important progress in implementing security controls and aspects of its information security program,” it said NASA’s networks remain vulnerable.

“A key reason for these weaknesses is that NASA has not yet fully implemented key activities of its information security program to ensure that controls are appropriately designed and operating effectively,” the GAO wrote, (PDF) and pointed out, “Many of these systems and networks are interconnected through the Internet, and may be targeted by evolving and growing cyber-threats from a variety of sources.”

The GAO also said, “During fiscal years 2007 and 2008, NASA reported 1,120 security incidents that have resulted in the installation of malicious software on its systems and unauthorised access to sensitive information. To address these incidents, NASA established a Security Operations Center in 2008 to enhance prevention and provide early detection of security incidents and coordinate agency-level information related to its security posture. Nevertheless, the control vulnerabilities and program shortfalls, which GAO identified, collectively increase the risk of unauthorised access to NASA’s sensitive information, as well as inadvertent or deliberate disruption of its system operations and services.”

“GAO’s findings reminds us that much remains to be done to ensure the security of all of our federal agencies’ IT networks,” Rep. Bart Gordon, chairman of the House Science and Technology Committee, said in a statement. “However, regulation and legislation alone will not suffice. Agencies and departments must follow through with corrective actions to mitigate identified vulnerabilities. GAO has performed an invaluable service to NASA by identifying weaknesses and recommending needed improvements.”

NASA generally concurred with GAO’s recommendations that “the NASA administrator take steps to mitigate control vulnerabilities and fully implement a comprehensive information security program.”

“This GAO audit provides the NASA administrator and his team with important information [with which] to strengthen its cyber-security controls and processes. Correcting the vulnerabilities identified by GAO will take determination, time and focused leadership. We will continue to monitor NASA’s performance in this important area,” said Rep. Gabrielle Giffords, chair of the Space and Aeronautics Subcommittee.

Gary McKinnon is reportedly facing up to 60 years in jail in the US after he was indicted in late 2002 for hacking into military computers between February 2001 and March 2002. The US alleged his hacking caused it to shut down critical systems and networks in the aftermath of the 9/11 attacks, and caused damages of approximately £435,000.

Roy Mark eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

View Comments

Share
Published by
Roy Mark eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago