Security threats can strike anywhere - even NASA
While everyday computer users may think their systems are secure, recent events serve as a warning that no system is ever fully safe. In reporting on the state of its security for 2011, NASA announced a number of breaches, including 13 separate data losses. Online security can be compromised, even at some of the most technologically advanced organizations in the world. The NASA data contains lessons about the nature of the threats currently facing computer users and what can be done to counter them.
"NASA is a regular target of cyber attacks both because of the large size of its networks and because those networks contain information highly sought after by criminals attempting to steal technical data or compromise NASA networks to further other criminal activities," explained the organization's inspector general, Paul Martin, in testimony before the House Committee on Science, Space and Technology.
Cyber attackers made several attempts to compromise NASA, according to Martin's testimony. The agency suffered 47 persistent threats from outside attackers in 2011, 13 of which were successful. Even with an IT security budget of $58 million, attackers made off with credentials for 150 employees in a single breach. Such credentials could be used to make illicit use of the organization's networks. The theft of a notebook computer highlighted the problems with security at the agency. Though the computer contained the command algorithms for the International Space Station, the hard drive was not encrypted.
In all, NASA outlined five particular areas of threat: lack of awareness of agency-wide security policies, difficulties implementing continuous IT monitoring, slow encryption of devices, lack of ability to fight severe cyber attacks and challenges coming from the organization's transfer to cloud computing. Even as a high-tech agency on the cutting edge of IT use, NASA still shows significant weaknesses. Malicious computer use is evolving, meaning that any type of data is at risk.
NASA's experiences in 2011 were not independent of larger trends. The InformationWeek 2011 Strategic Security Survey found plenty of attacks across the board, including against corporate users with a reputation for keeping data secure. One of the changes noted was an increase in security awareness at the corporate level compared to 2010. Despite this success, malicious users are still out in force online, and users who remember that will be able to manage information properly.
