NASA Vulnerable To Multiple Network Breaches
It has been discovered that NASA’s network has unpatched vulnerabilities that could be exploited over the Internet. This is the same network that is used to control the International Space Station and Hubble Space Telescope. The report was filed by NASA’s inspector general. While no traces of hacking through the current holes in the system have been found yet, it is important to note the 22GB of data that was stolen back in 2009 from NASA’s Jet Propulsion Laboratory systems.
The network was so unprotected that thousands of unauthorized connections were being made from as far as China and Saudi Arabia. The report, titled “Inadequate Security Practices Expose Key NASA Network To Cyber Attack,” states: “Until NASA addresses these critical deficiencies and improves its IT security practices, the agency is vulnerable to computer incidents that could have a severe to catastrophic effect on agency assets, operations, and personnel.”
What perplexes me is why NASA would make this information widely public before they fix their security gaps. Isn’t this information that should be kept away from hackers, rather than encouraging them to breach the network? One answer I’ve come up with is that it would be an opportune way for NASA to catch and blacklist hackers, that is, if they are waiting to be breached. I sure hope that’s their plan, otherwise that doesn’t say too much about our Space program.
The inspector general believes that the problem was due to a lack of oversight: even though NASA had decided to have better security protection after an audit last May, it hasn’t worked on the problem yet. NASA’s inspector general further discovered that as many as 54 separate NASA servers were vulnerable to breach. He discovered this by using open source network mapping and security auditing. NASA’s network vulnerability scanner, named NESSUS, also uncovered several of the 54 unprotected servers, even ones which could be breached past their firewall. Further faults in NASA’s network stem from incorrectly configured accounts, encryption keys, and user account information, allowing for the possibility of identity theft among members of the space program. The Chief Information Officer of NASA, Linda Cureton, has agreed to add continuous monitoring to their network. We have yet to see these critical vulnerabilities patched.