How are your data security at NASA?
The US House of Representatives published a curious report that reveals how, in one of the most reputable and foremost organizations in the world of science, are data security.
So, during two years (2010-2011), the National Aeronautics and Space Administration of the USA recorded 5,408 computer incidents related to data security - this included not only hacker attacks, but also malicious software detection (other words, about 7 problems a day). Among these incidents, NASA Inspector General Paul Martin (Paul K. Martin) admitted that over the past year his organization had faced 47 real hacker (advanced persistent threats) threats that were carried out by both individuals and entire groups of intruders The purpose of theft or damage to data. More specifically, 13 such attacks were successful - at least data was accessed and their reliability was questioned. To quantify the magnitude of the threats, it should be noted that the number of NASA employees amounts to "hundreds of thousands of employees worldwide", and the agency itself has about 550 different information and control computer systems. At the same time, $ 1.5 billion is spent annually on NASA’s computer infrastructure, of which $ 58 million is spent on security issues.
But, as it often happens, most of the problems were not to blame for computers, antiviruses and hackers, but the employees themselves. In addition to the fact that his organization is under attack by intruders, which, as Martin says, is quite expected, the inspector complained about the carelessness of the staff - from 2009 to 2011, the agency’s employees lost a total of 48 devices, whose data could theoretically be used to compromise not only employees, but also international projects. Moreover, the report states that only 1% of devices used in NASA are encrypted in principle, and the fate of the rest in this sense is at least not determined. So, quite recently, the report says, as a result of an internal audit, it was found that one of the employees lost a laptop with command codes used to control the International Space Station, while the laptop just did not get into 1% of encrypted devices. The usefulness of the data for laptop owners is, of course, doubtful, because its current owners do not have a space communications system, which is necessary for remote control of the ISS, however, nevertheless, the precedent itself deserves close attention, as the laptop could well be in the hands of an organization or States that may have such a system.
More details about the 9-page pdf-report here .
So, during two years (2010-2011), the National Aeronautics and Space Administration of the USA recorded 5,408 computer incidents related to data security - this included not only hacker attacks, but also malicious software detection (other words, about 7 problems a day). Among these incidents, NASA Inspector General Paul Martin (Paul K. Martin) admitted that over the past year his organization had faced 47 real hacker (advanced persistent threats) threats that were carried out by both individuals and entire groups of intruders The purpose of theft or damage to data. More specifically, 13 such attacks were successful - at least data was accessed and their reliability was questioned. To quantify the magnitude of the threats, it should be noted that the number of NASA employees amounts to "hundreds of thousands of employees worldwide", and the agency itself has about 550 different information and control computer systems. At the same time, $ 1.5 billion is spent annually on NASA’s computer infrastructure, of which $ 58 million is spent on security issues.
But, as it often happens, most of the problems were not to blame for computers, antiviruses and hackers, but the employees themselves. In addition to the fact that his organization is under attack by intruders, which, as Martin says, is quite expected, the inspector complained about the carelessness of the staff - from 2009 to 2011, the agency’s employees lost a total of 48 devices, whose data could theoretically be used to compromise not only employees, but also international projects. Moreover, the report states that only 1% of devices used in NASA are encrypted in principle, and the fate of the rest in this sense is at least not determined. So, quite recently, the report says, as a result of an internal audit, it was found that one of the employees lost a laptop with command codes used to control the International Space Station, while the laptop just did not get into 1% of encrypted devices. The usefulness of the data for laptop owners is, of course, doubtful, because its current owners do not have a space communications system, which is necessary for remote control of the ISS, however, nevertheless, the precedent itself deserves close attention, as the laptop could well be in the hands of an organization or States that may have such a system.
More details about the 9-page pdf-report here .
')
Source: https://habr.com/ru/post/139225/
All Articles