According to the results of an audit performed by NASA's Office of Inspector General and published this week the agency's critical computer network is vulnerable to cyber attacks."
We found that computer servers on NASA’s Agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet," the office said in its report. [
pdf]
Inspectors found six servers involved in spacecraft control vulnerable to remote attacks that could render them inaccessible or compromise them entirely.
They note that an attacker could use their unauthorized access to one of these computers to exploit other weaknesses and penetrate deeper into the network, an action that could have a serious impact on NASA's operations.
Information disclosure vulnerabilities were also identified on servers and could be leveraged to obtain encryption keys, encrypted passwords and user account details.
The office is unhappy with the management's lack of action after a May 2010 audit report that recommended the establishing of an IT oversight program.
"
These deficiencies occurred because NASA had not fully assessed and mitigated risks to its Agency-wide mission network and was slow to assign responsibility for IT security oversight to ensure the network was adequately protected," it concludes.
Investigators reiterate the need to establish an IT oversight program and recommend the immediate identification of Internet-accessible computers in order to mitigate identified risks.
It was also suggested that NASA’s Chief Information Officer, in conjunction with the Mission Directorates, should conduct an Agency-wide IT security risk assessment.
Fixing the identified vulnerabilities is even more important as NASA is a high-profile target for hackers looking to prove their skills. Even if not necessarily malicious in nature, such attacks could still have serious implications.
We previously
reported several incidents when NASA websites were compromised via SQL injection vulnerabilities.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
