The Office of the NASA Inspector General published a report this week titled "insufficient security practices available make key NASA network to Cyberangriffen," which pretty much what it on the Tin says: the international space station, the Hubble Space Telescope, the space shuttle, and other important assets were penetrated vulnerable 2009 hacker the NASA computer network that controls them.
Since then the vulnerabilities have been fixed, but still a featured cybersecurity lacks NASA supervision to reduce progam future risks.
From a related story in Huntsville times:
also in 2009, 22 gigabytes of export controlled data from the Jet Propulsion Laboratory stolen hackers and opens up links between the NASA network and 3,000 foreign IP addresses.NASA has closed released Monday the worst holes in its system according to the audit, but other risks remain until NASA establishes that it secures for the entire agency. NASA says that you will do the end of the fiscal year September 30. NASA said in a statement on Tuesday that works of the chief information officer with NASA centers, including Huntsville's Marshall Space Flight Center, to ensure that computers are secure.
Enter more over the past, directly from the NASA Inspector General report:
, we found that computer server NASA's Agency-wide mission had network with high risk vulnerabilities, from the Internet that is exploitable. In particular spacecraft had six associated with computer server IT assets that contain important data and control vulnerabilities that would allow it, a remote attacker control of, or make them unavailable. In addition the compromised computers could exploit once every network Agency-wide mission, the attacker other weaknesses we identified that use a situation which could be severely undermined or cripple of operations of NASA. We found unveiled also network servers, the encryption keys, encrypted passwords and account information in potential attackers. This data is sensitive and offer additional opportunities for unauthorized access to NASA network attackers. These weaknesses occurred because NASA fully assessed Hadnot and risks mission Agency-wide defused network and was slowly, to the responsibility for assigning safety oversight to ensure that the network is adequately protected. A may 2010 audit report recommends that NASA immediately an IT security oversight to make program for this important network.Although the Agency agreed with the recommendation remained there but not implemented as of February 2011.
Direct link to the Inspector General cybersecurity audit here.
(Thanks to miles O'Brien)
没有评论:
发表评论