Cyber criminals could have a field day with insecure computers at NASA, possibly including those controlling the Hubble Space Telescope (pictured), the Space Shuttle, the International Space Station and the Cassini and Lunar Reconnaissance Orbiters, according to an audit report from NASA’s inspector-general Paul Martin released today.
The IG finds that NASA has yet to implement an agency-wide computer security program that was recommended after a previous IG review in 2010. The latest audit found six computer systems that were vulnerable to cyber-attack and remote control by cyber criminals, being connected to the internet and not having the latest software patches installed. Gail Robinson of the OIG’s office tells Nature the IG can’t say publicly which systems are affected for security reasons, but that it has told NASA the information. Although only six examples were documented, the IG report makes clear that up to 130 systems could be affected by the inconsistent oversight.
The IG notes that NASA has been a target for cyber-criminals in the past. In 2009, cybercriminals took control of computers supporting one of NASA’s missions and forced them to connect to networks in China, the Netherlands, Saudi Arabia, and Estonia. Also in 2009, cybercriminals stole 22 gigabytes of data from an IT system at the Jet Propulsion Laboratory (JPL) in Pasadena, California.
In a response to the report, NASA management says it has fixed the problems the IG found and agrees that it needs to implement agency-wide risk assessments and oversight.
Image Credit: NASA