Though it is hard to imagine world class organizations being unable to handle the security tasks appointed to them, NASA has recently identified 10 computers that have been sold with sensitive material still on them. The standard procedure for disposing of computers is to remove the hard drive with the sensitive data on it. This leaves the computer relatively harmless. However, because of complications and misinformation, these computers were sold with the information still on them. Examine this excerpt from the article, “Specifically, the audit discovered that 10 computers from the Kennedy Center were released to the public even though they still contained sensitive NASA data and had failed verification testing as part of their disposal process. Another four computers with data were confiscated before they were sold.” The fact that these computers failed the process yet were still sold highlights a lack of understanding of security within the organization.
It is unfair to accuse the entire organization of lacking in security. I would imagine that NASA has one of the most strict and redundant security measures in the world. However, it only takes one mistake, one security measure forgotten or one plan that is outdated for a catastrophe to happen. In this case, the article highlights a number of employees who were ill informed of proper security measure as well as a number of the measures being outdated. As mentioned before, I would imagine that NASA has some of the strictest and most redundant measures in the world but this means little if they are outdated or no longer apply to the current level of technology.
NASA’s inability to appropriately protect its confidential information is perhaps a sign of its current underfunded situation. This can perhaps be linked to the fact that many of its supporters no longer see space as a noble venture for humanity. Nevertheless, the security administration at NASA has an obligation to make sure that there are as few security breaches as possible. This goal was not accomplished with the most recent breach of confidential information. As such, NASA must take steps to secure its information from potentially malicious users. This involves updating its security policies to better cope with the technology and vulnerabilities of the current era. This also involves the education and continued testing of its entire staff that has access to information that would be considered confidential. Unless adequate measures are taken to secure its information, NASA may have an unfortunate future of breaches and security violations in its future.
In addition to these breaches NASA has also released a backdoor that could allow people with malicious intentions into their system, “Further, computers at the Kennedy Center's disposal facility being prepped for sale displayed NASA IP (Internet protocol) information, which could easily give a hacker a way to break into a NASA network.” As discussed in class, this information could allow a hacker to bypass the firewall protocols and give them access to NASA’s system. This is a more pressing problem as a hacker could have already breached NASA’s system and made off with a great deal of confidential information. I believe that the best option for NASA now would be to find out which IP’s were lost and block them as each computer must have been given an independent IP that can be brought up and blocked. However, this does not address the problem of information already lost. Truthfully, I see no possible way to account for this lost information.
NASA currently faces a potentially massive security situation on its hands. "Our review found serious breaches in NASA's IT security practices that could lead to the improper release of sensitive information related to the Space Shuttle and other NASA programs, NASA Inspector General Paul Martin said in a statement.” This statement adequately highlights the situation that NASA currently faces. However, it should be noted that, because of releases of information and statements such as these, NASA is currently on a short time-line to get its system secure. Because the knowledge of a vulnerable system has been released, it will only be a matter of time before hackers are actively attacking the system looking for vulnerabilities to exploit. It may already be too late yet, it is better to minimize the damages done. However, continuing statements in the article that highlight lax standards may only add to the number of problems that NASA is facing with its system.
http://news.cnet.com/8301-13639_3-20025161-42.html
Posts
If companies like NASA are not taking the proper steps necessary to secure their information, there who will? I feel that the information NASA contains is pretty valuable, especially to other countries around the world. In recent years, space has not been very popular, but it could once again become very popular in the near future.
ReplyDeleteI dont understand computers were still sold if failed to make it through the proper disposal process. Employees are working at NASA that do not understand the proper security measures. A lot of the security measures are outdated since new software has been introduced. Someone within NASA has to be willing to take the initiative to improve in the areas that they are lacking. If not hackers will be able to tap in their network and cause a whole heap of problems.