According to a recent GAO report NASA suffered hundreds of security incidents in 2007 and 2008, including malware infections, data breaches, stolen laptops and bot nets. NASA was affected by more malware than any other federal agency and reported 1,120 security incidents during this two year span. Some of the laptops that were stolen contained unencrypted data for the prototype hypersonic jet (the X-51 scramjet) and test plans related to a space telescope and lunar orbiter. 82 agency computers became part of a Ukraine-based bot net after they were infected with rootkits.
Situation is improved, but gaps in security remain
The US Computer Emergency Readiness Team urged the space agency to implement more effective patching and to better train employees regarding cyber security. Despite the warning NASA still found a number of machines infected with the Coreflood Trojan. It can steal user credentials then communicate with a hostile command and control server. NASA has taken steps to address incident response and improve cyber security practices. The GAO still cites gaps. “”NASA remains vulnerable to similar incidents going forward,” the report finds. “Control vulnerabilities and program shortfalls make it possible for intruders, as well as government and contractor employees, to bypass or disable computer access controls and undertake a wide variety of inappropriate or malicious acts.”
Security should continue to tighten
The GAO made numerous recommendations. NASA deputy administrator Lori Garver agreed with them. “Deficiencies with IT security are often a result of systemic issues in the management of IT,” she said. “To this end, NASA continues to implement improvements in IT management, adhering to [a] previously developed strategy for providing an integrated, secure, and efficient IT environment that supports the NASA mission.”
User awareness key to any effective cyber security program
People need to understand the risks of opening spam attachments or visiting links embedded in spam. Mailprotector’s services help to mitigate these types of events. Our email security services protect users from Trojans, viruses, phishing, and other email-borne malware. Mailprotector is easy – you don’t need to be a rocket scientist to use it.
Happy National Cyber Security Awareness Month!
