The computer networks responsible for NASA spacecraft missions like the International Space Station and the Hubble Telescope are vulnerable to computer hackers and cyber attacks, according to an audit by the NASA inspector general.
The inspector general found that vulnerabilities on six computers with IT capabilities that control spacecraft were so severe that remote attackers could take control of them through the Internet.
Once attackers gain access to the network, they can use a compromised computer to exploit other weaknesses and cripple NASA operations. The audit found six network servers that revealed encryption keys, passwords, and account information, all sensitive data accessible through the Internet, which could then lead to further access on other NASA networks.
“A security breach of a moderate- or high-impact system or project on this key network could severely disrupt NASA operations or result in the loss of sensitive data,” the IG said. With access to this data, attackers could use encryption keys to get through security controls and then remotely access a network server.
The IG attributed these weaknesses to NASA’s failure to assess security risks and its sluggish response in creating IT protections. Back in May, the IG recommended that NASA establish an IT security oversight program, but it hadn’t been implemented as of February.
In January 2009, cybercriminals stole sensitive data from a jet propulsion laboratory, and five months later, hackers infected a computer system supporting a space mission system.
NASA conducts risk assessments of individual IT systems periodically, but has never conducted an assessment for all IT systems.
FAST FACT: Once an attacker gains access to an Internet-accessible computer, the attacker can use the compromised computer to exploit vulnerabilities on other mission network computers. For example, with access to one network server’s sensitive information, a cybercriminal could have significantly disrupted NASA’s space flight operations and stolen sensitive data.
Following are other new watchdog reports released by the Government Accountability Office (GAO), various federal Offices of Inspector General (OIG), and other government entities.
- The Department of Energy received $400 million in stimulus funds for geothermal research, of which $110,000 went towards unallowable costs, like alcohol and entertainment. While the Department followed procedures for the selection and award of geothermal projects, the monitoring of awards was ineffective. The Department did not develop or implement procedures for monitoring projects and did not assign adequate staff for monitoring responsibilities. (Department of Energy Inspector General)