Technology is something that has continued to grow and advance in the past few years. As citizens we continue to embrace changes and advancement in technology and apply those to our individual computer systems, such as PCs, GPS units, and gaming systems. We also understand the importance of upgrades to keep computer systems safe for the protection of the data stored within these systems.
There are times when issues of individual security in regard to personal computer systems can be overlooked. However this should never happen in regard to government agencies such as National Aeronautics and Space Administration (NASA). It seems that NASA has indeed overlooked crucial issues in regard to the safety of many internal computer servers.
According to an Internal audit performed by the Inspector General, there are crucial security issues affecting six computers severs that are vulnerable to attack by way of the Internet.
“Six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable,“ according to the Inspector General's report. An attack on these systems could prove catastrophic to NASA. The weakness within the system could in fact allow penetration on an agency-wide level, haphazardly destroying and wreaking havoc throughout NASA’s entire computer network. Not only were the six servers extremely vulnerable to attack externally, but also after the penetration of the computer systems, it was discovered that some encrypted information could be revealed.
“We also found network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers." the report said. "These data are sensitive and provide attackers additional ways to gain unauthorized access to NASA networks.”
Incredibly, these finding are not at all new to NASA. There were recommendations in May of 2010 by the office of the Inspector General to address these serious security issues. However, it is now almost one year later and these gaping holes in the NASA's Security have yet to be addressed. It seems that NASA has not authorized or assigned responsibility for eliminating these issues to anyone within its IT Department. So, in the meantime, vulnerability to attack remains uppermost in the minds of many people. Let's just hope that it is not uppermost in the minds of those that wish to do NASA harm.
The entire report is online here.