Forgot your password?
typodupeerror
NASA Security Science

NASA Vulnerable To Crippling Cyber Attacks 67

Posted by CmdrTaco
from the aren't-we-all dept.
RedEaredSlider writes "The computer network NASA relies upon to carry out its billion dollar missions is just like your Mac or PC at home; vulnerable to cyber attacks. NASA's servers contain vulnerabilities that could enable a cyberattack to cripple the entire agency, according to a recent audit report from The Office of the Inspector General. The report was an unflattering look at NASA's internal computer security operations, as the Inspector General recommended the agency expedite the implementation of a new agency-wide program to oversee the network security problem."
This discussion has been archived. No new comments can be posted.

NASA Vulnerable To Crippling Cyber Attacks

Comments Filter:
  • by dstyle5 (702493) on Tuesday March 29, 2011 @04:15PM (#35657890)
    Given how their website was so full of holes I'm sure they could have told NASA where to look.
    • No, McAfee is for people on a budget. Someone with as much money as NASA uses *serious* security protection from HBGary.
  • by Anonymous Coward

    NASA has always been lax about security. Every few years there's another story about them getting owned by a bored teen. And let's face it, their shoestring budget isn't going to pay for top dollar infosec support.

    • maybe they're just all high on teh Crizzak

      http://www.huffingtonpost.com/2011/03/15/nasa-finds-cocaine-space-center_n_836109.html
  • I thought there was a highly funded government agency that was charged with providing security for the nation's communications and information systems. Dang! Now what was that called... SAN? ANS? SNA?... Something like that. Anyways, why isn't NASA using them?
    • Every agency is responsible for securing their own infrastructure. NIST [nist.gov] only provides only guidance.
      • by peragrin (659227)

        which is both a blessing and a curse. A curse from the fact that so many disparte angencies have such varing standards and security means the total cost of government IT goes up and up. however because there are so many non interconnecting systems it makes it harder for the government to spy on you.

      • Actually, considering the three letters present in all of the provided options--I think he was thinking of the NSA.
  • by Locke2005 (849178) on Tuesday March 29, 2011 @04:22PM (#35657996)
    IT is not rocket science!
    • by Sinning (1433953)
      I think that's the whole problem.
      • by Thud457 (234763)
        Is Dr. No going to start stealing our rockets with trojans now?


        oh, no that's Congress that's grounding the U.S. nevermind....
    • by Nyeerrmm (940927)

      As a professional rocket scientist (well navigation engineer) and an amateur IT technician (manage a non-profits web presence), let me tell you: IT is a whole hell of a lot harder.

      Of course it may just be that I have a lot more education in one topic than the other.

      • by Coren22 (1625475)

        The trick to most IT support is knowing how to frame a Google query. If you have the background, it isn't terribly hard to setup networks, servers, desktops, etc. Securing these systems is a whole other bag of worms though; security is a constantly moving target, and you have to keep up with it constantly to do a good job. Even then, there is no truly secure system, there will always be flaws in the underlying OS and any other software that you use that only the attackers have found (Zero-Day Exploits).

        I

  • You'd think after all the fuss made about Gary McKinnon accessing the system 10 years ago - they'd have done something about it by now

    • by vlm (69642)

      You'd think after all the fuss made about Gary McKinnon accessing the system 10 years ago - they'd have done something about it by now

      Maybe Gary was right all along, they're too busy covering up the UFO conspiracy to bother with simple stuff like periodic "apt-get upgrade" or whatever it is that windows people have to suffer thru.

  • Why are these things connected to the internet? Does mission control watch Youtube while they're waiting for the countdown or what?
    TFA is kind of sketchy on details though, so i'm wondering if anyone knows anything more about these "servers... that control spacecraft." Sounds like ignorant reporting to me.

    • by Nyeerrmm (940927)

      I'm learning the process of doing operations for unmanned spacecraft right now, and some of them are definitely internet accessible.

      The reason, at least for what I do, is that we're not always sitting in the control room for operations. For big events, yes, but when you're getting telemetry, processing it, and updating the onboard ephemeris, a cube or office is a lot more comfortable. Furthermore, you need to stay and work from home sometimes, sick child/repairman coming/car broke/whatever, but you still

  • enable a cyberattack to cripple the entire agency

    What would that look like exactly? To the best of my knowledge NASA is kind of a management consultant group... They contract EVERYTHING out. All capital, all operations, all services. So its not like the space station will fall out of the sky, or space probe data will be lost, because thats all done by contractors, whom presumably do a better job, since its their money on the line not the taxpayers.

    Most of their contractors are large, therefore politically well connected, which in a circular way explain

    • by robot256 (1635039) on Tuesday March 29, 2011 @06:05PM (#35659354)

      To the best of my knowledge NASA is kind of a management consultant group... They contract EVERYTHING out.

      No, you're confusing us with DoD. DoD contracts everything out, but NASA has a mix of contract and in-house services. We generally contract out pieces of satellites and assemble them ourselves (and fix everything the contractor f***ed up). In terms of IT, basic workstations are administered by contract suppliers, but other systems are owned by the government and administered by civil servants (engineering workstations, lab equipment computers, ground support operations, data processing supercomptuers, etc.). Many of these systems are connected to the Internet to get software updates and research problems when troubleshooting. But I do know that the ground support networks for satellites and large tests are definitely not connected to the Internet.

  • Their crack team of web developers can't even get nasa.com to work without the www. in front of it.

    • by FunkyELF (609131)

      ... of course I meant to say nasa.gov
      The people cybersquatting nasa.com were about to figure it out.

  • Computer networks can be accessed by computers. Film at eleven.
  • this is how the US government takes over and militarizes space...
  • by slick7 (1703596) on Tuesday March 29, 2011 @05:35PM (#35658930)
    A greater crippling obstacle appears to be (Con)gress, they can't even get their story straight on the budget let alone anything else.
    Billions are dumped on our so-called "friends" and yet, everybody hates us. If 1/10th of the war budget went to NASA, we would be somewhere past the asteroid belt, let alone fiber optic networks for everyone.
  • You be good now Australian hackers!
  • I'm not going to give many details, it's not good business. I don't know much about the non-mission critical systems, but I do maintain mission critical ones and I will venture a mention they're not on the internet. The internet and the mission critical stuff are far separated. That's more specific than I probably should have gotten, things that communicate with the station, the shuttle and TDRS are isolated, often from one another.

    • by vlm (69642)

      The internet and the mission critical stuff are far separated. That's more specific than I probably should have gotten,

      Yeah, whatever you do, don't use the top secret phrase "air gap firewall".. Come on, enough security theater.

  • Jeez, with IT like that, by this summer they probably won't even be able to launch a space shuttle!
  • ...they've always had a problem with this, though. I was there years ago (at the beginning of the Internet boom) and we were one of the most hacked targets on the planet. Everyone seems to think that all the secret UFO data was in NASAs network -- and the pace of attacks was astounding. You had to have an RSA token to login to anything. It got so bad that we ended up having to put an optical tap (even as contractors, we fought that one) on the FDDI ring what was MAE-WEST so the FBI and other TLAs could

  • I don't understand the problem. McAffee's web check said their site was okay!!

  • "We found that computer servers on NASA's agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet. Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable" link [ibtimes.com]

    By any chance, would these 'computer servers' be running on Microsoft Windows?

    "a recent audit report .. cited a 2009 incident in which cybercriminals ..

  • They used to be hailed as the corner stone of undeniable precision, where they could lose contact with a shuttle, and plan its course and be able to tell with 100% accuracy where it would show up once it regained contact with them (apollo mission)....here, this makes them look like newbs....i dont know what happened, if some outsourced agency was hired to throw together their network configs, but i am surprised to say the least.

The meat is rotten, but the booze is holding out. Computer translation of "The spirit is willing, but the flesh is weak."

Working...