The State of NASA’s Cybersecurity

Linda Cureton and Paul Martin testifying before Congress (Credits: House Committee on Science, Space, and Technology).

By: Rachel C. Samples

A week before NASA Administrator Charles F. Bolden, Jr. steps up to testify before a US House of Representatives committee on NASA’s Fiscal Year 2013 budget, NASA Inspector General Paul K. Martin and Chief Information Officer Linda Y. Cureton testified on the numerous information security vulnerabilities within the space program. On Feb. 29, the Subcommittee on Investigations and Oversight of the House of Representatives held a hearing addressing the current condition of NASA’s cybersecurity. During the proceedings, Martin and Cureton provided an overview of changes within NASA’s IT department and of the 5,408 incidents of cyber attacks detected during 2010 and 2011.

“As of February 1, 2012, only 1 percent of NASA portable devices/laptops have been encrypted,” said Martin. “Between April 2009 and April 2011, NASA reported the loss or theft of 48 Agency mobile computing devices, some of which resulted in the unauthorized release of sensitive data including export-controlled, Personally Identifiable Information (PII), and third-party intellectual property.”

One case of concern that has received considerable attention was the March 2011 theft of an unencrypted NASA laptop that contained the command and control algorithms for the International Space Station (ISS). The loss of the laptop would not give the thief control of the ISS but could have potentially endangered national and international security by providing insight into command types and coding.

In the opening address to the committee, Representative and subcommittee chairman Paul Broun of Georgia compared the March laptop theft with the unauthorized access to Landsat-7 and Terra AM-1. He went so far as to quote from the U.S.-China Economic and Security Review 2011 report on how the two satellites “have each experienced at least two separate instances of interference apparently consistent with cyber activities against their command and control systems.”

Representing one-half of all the US civil government’s websites, NASA is a large target of potential cyber attacks. The notability of such an attack might attract individual hackers or groups of hackers, but the dual-use nature of NASA technology and the complexity of its developments, which give the US its technological competitiveness, will ensure that attackers keep coming back.

“Threats and vulnerabilities have the potential to change faster than NASA’s Security posture,” said Cureton. Thus the new philosophy, management scheme, and ideal is a move to continuous monitoring, with the goal to “predict rather than react to cyber threats.”

Inspector General Paul Martin’s complete written testimony delivered to Congress is available here.