NASA lost 'full control' to hackers, pwned 13 times last year

Cybercrooks broke into NASA's computer systems 13 times last year, gaining "full functional control" of important systems in the worst cases, according to testimony before the US Congress by the space agency's inspector general. Paul Martin told a Congressional panel on information security at the space agency that NASA …

COMMENTS

This topic is closed for new posts.
  1. nexsphil

    Aliens!

    So - did anyone get any juicy alien info or what?

  2. Anonymous Coward

    $58M and still getting pwned every hour on the hour. They're doing it wrong.

    1. Tom 13

      I seriously doubt anyone

      can secure their network with less than 0.5% of the total IT budget, and that's before you get to the downstream prima donna note.

  3. TRT Silver badge
    Alien

    And on the same day...

    we hear of a spectacular "shooting star" over the United Kingdom. Coincidence?

  4. Anonymous Coward

    ever try to manage a network full of prima donnas?

    They have the clout to make your IT policies Swiss cheese.

    1. perlcat
      Paris Hilton

      Re: ever try to manage a network full of prima donnas?

      Yes, I have, and yes, you are 100% correct in why they get broken into all the time.

  5. Anonymous Coward

    Off to prison they go

    At least this gives authorities practice in prosecuting hackers.

    1. amanfromMars 1 Silver badge

      Re: Off to prison they go

      And an opportunity to practice crack hacking with crack hacking providing the prosecution evidence of prosecutable malfeasance. Win Win Double Whammy. Thank You, Ma'am.

  6. Decius
    WTF?

    Why do mission-critical systems have Internet access?

    1. tom dial Silver badge
      FAIL

      Why do mission-critical systems have Internet access?

      Because the NASA (non-IT) managers are soft in the head. They can't make a clear distinction between the material that can be publicly available and on public-facing servers and material (hopefully not a large amount) that cannot, and must be airgapped. The amount of money the US taxpayers spend on NASA operations certainly is enough to provide a real, not virtual, private network for access to that information which, for one or another reason, should not be made available to the public.

    2. h 2
      Joke

      How else will Windows do its updates

    3. AdrianG

      Internet access

      Actually in NASA as well as ESA, all mission critical systems do not have Internet access. They separate the networks into an Office network, admin, internet etc. and operational network, which runs the missions and satellites. The OPS network is a private network, that doesn't have internet access. To hack this network, you'd need to physically compromise it.

      1. Tom 13

        @AdrianG: We agree that's the way it OUGHT to be configured,

        but according to the IG report, it isn't.

  7. Anonymous Coward

    Just wait when they caught one...

    Then they'll sue and all damages will be fully paid for, may even finance setting up a new security system.

    I seriously wonder how much NASA cares. I mean; the last hack from England where some kid was only trying to get data on "aliens". He was also perfectly willing to share his findings and actually help the guys out to straighten things out.

    Although I didn't keep up with every detail, but last I heard there was no interest apart from extraditing him to the US to stand trial and be locked up for quite a few years. Major fail right there IMO; instead of going for damages and money (which IMO is disputable in this case) they also could have gone after his insight knowledge on security.

    Yet I think the big money is what keeps looming over the horizon in events like these.

    1. Matt Bryant Silver badge
      Big Brother

      Re: Just wait when they caught one...

      Well, maybe the hackers should be worried, it looks like Sabu's new tag is "WillGrassOnU"!

      http://www.bbc.co.uk/news/technology-17270822

      Lulzsec down! Lulz!

  8. Tom 38
    Joke

    Pah

    I lost "full functional control of important systems" at the weekend, but I'm not trying to extradite the barman.

  9. Warren Sealey
    Coat

    All your bases are belong to us?

    Mine's the one with the keys to the space station in the pocket...

  10. Anonymous Coward
    FAIL

    HA!

    Whoever is the CIO or Director of IT at NASA, needs to be fired. The problem comes from the top. You cannot fail so badly with a budget of $58 million just for cyber security.

    1. perlcat
      Big Brother

      Re: HA!

      We had exactly such a problem here one time. One of the poohbahs wanted his mobe to work on the company network, and had the tech show him how to get around safeguards. When the poohbah was asked how he got into the system, he said "Joe told me how. He just volunteered the information." Guess who got canned, and who got a slap on the wrist for not being aware of policy, an innocent mistake?

      He should have done his Sgt Schultz impersonation and got out.

  11. Me :D
    Facepalm

    Coincidence??? I think not......

    So China has new heavy lift capability (http://www.theregister.co.uk/2012/03/05/china_rocket_deep_space/) and "In the most serious of these incidents, hackers gained control of systems at NASA's Jet Propulsion Laboratory. The attack was traced back to IP addresses in China". Coincidence?? I wonder...... ;)

  12. heyrick Silver badge

    " with an estimated cost to NASA of more than $7m "

    Americans, always trying to put a dollar symbol to wrongdoing.

    Here, I'll fix it for you and you can split the $7m fifty-fifty. There are important systems, and there are PCs that losers use to tweet status updates. The two should never be joined. Not ever. Not even on the same power feed. And those important systems? They should be on their own independent network, totally abstract from "the internet" and not accessible from such.

    Any IT bod that thinks otherwise ought to be publicly castrated and then roasted alive by being strapped to the funnel of the next scheduled rocket launch...

    1. Wayland Sothcott 1

      Re: " with an estimated cost to NASA of more than $7m "

      Not only should these systems be isolated from the Internet, they probably are. You understand this but the general public were worried by Y2K because they thought everything was a computer with a date problem.

      However these stories are coming out in order to create someone to blame for a big problem that they are brewing.

  13. Anonymous Coward

    You mean

    that online game of Moon-Lander was...

  14. Nuno trancoso
    Pint

    As usual...

    Will only ever change if and when the media starts pumping titles like "XYZ security compromised. AGAIN. IT department says it's powerless cause higher ranked idiots won't let them do their jobs".

    100:1 the media outlets won't ever have the dangling ones to pull this off, ie, shoveling blame where it's due.

    Beer: Every time your old taskmaster for whom your policies were "right up there with the nazis" calls in and sheepishly begs for help after getting "pwned" again. He's gonna pay for it so might as well down it... Maybe more than one as there will surely be LOTS of "overtime".

  15. Just a geek
    Meh

    How much actually went on Cyber Security?

    I'll bet that most of that $58mil went on glossy reports and PowerPoint slides highlighting to non-IT Managers just how much certain software and hardware was required only for those same managers to commission another study.

  16. Wayland Sothcott 1
    Pirate

    So why bring this up now?

    Any computer gets viruses, spies and zombies. I can't see where they made the space station do barrel rolls. This is setting up plausible deniability for when the 'terrorists' finally crash a rocket onto a city and we all need a license to own a computer.

  17. RainForestGuppy
    FAIL

    C'mon guys stopping malware on endpoints, that's the most basic security. It's not rocket science!!

  18. Field Marshal Von Krakenfart
    FAIL

    Poorly implemented security policies mean that these attacks were often successful. In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorised access to its systems, Martin testified (PDF) before the US House Committee on Science, Space and Technology last Wednesday.

    5,408 computer security incidents between 2010 and 2011, and Gary McKinnon is the only one they've managed to catch? Looks like NASA (Not Actually Secure Architecture) is a bit of a soft hack.

    1. Matt Bryant Silver badge
      Happy

      RE: Field Marshal Von Krakenfart

      Maybe they're just waiting for Sabu to roll over on the NASA hackers!
