Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


STOLEN NASA LAPTOP HAD SPACE STATION CONTROL CODE

Source: Curiousity.com

Posted on March 12, 2012

NASA had 5,408 computer security lapses in 2010 and 2011, including the March 2011 loss of a laptop computer that contained algorithms used to command and control the International Space Station (ISS), the agency's inspector general told Congress Wednesday.

An attack by Chinese hackers on NASA's Jet Propulsion Laboratory (JPL), in Pasadena, Calif., was also mentioned, although details were scant of the ongoing investigation.

"These incidents spanned a wide continuum, from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives," Inspector General Paul Martin said in written testimony before the House Science, Space and Technology Committee investigations panel.

"Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million," Martin said.

It's not known how the number and scope of computer security breaches at NASA compare to other federal agencies because NASA's Office of the Inspector General is the only OIG that regularly conducts international network intrusion cases, Martin added.

"NASA needs to improve agency-wide oversight of the full range of its IT assets," Martin wrote.

The JPL incident that occurred in November 2011 gave the attackers "full functional control over these networks," he added. JPL is the base of operation for a host of operational robotic space missions and the security breach could have allowed the deletion of sensitive files, access to user accounts of critical systems and the uploading of malicious software, FOXNews reports.

The security lapses include the loss or theft of 48 mobile computing devices between April 2009 and April 2011, "some of which resulted in the unauthorized release of sensitive data including export-controlled, Personally Identifiable Information (PII), and third-party intellectual property."

"For example, the March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station," Martin wrote.

"Other lost or stolen notebooks contained Social Security numbers and sensitive data on NASA's Constellation and Orion programs. Moreover, NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files.

"Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft," Martin wrote.

NASA said it is aware of the problem and taking steps to step up its computer security programs.

"The NASA IT Security program is transforming and maturing," the agency's chief information officer Linda Cureton said in her written testimony to the same panel.

"NASA is increasing visibility and responsiveness through enhanced information security monitoring of NASA's systems across the agency," she said.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.