Nasa at risk

This BusinessWeek article on attacks against the crown jewel of US technology and innovation is rather disturbing. While most of the incidents have been previously released, or rather- dribbled out on the QT,BusinessWeek has had access to detailed documents of some of the many incursions.

They spell out what happens when you have the combination of valuable assets and shoddy protection. Imagine your down town jewelry store leaving its diamonds in the window over night with no bars, security cameras, or nightly police patrol. That is what NASA has done with the US’s most costly and valuable technology assets.

It starts:

America’s military and scientific institutions—along with the defense industry that serves them—are being robbed of secret information on satellites, rocket engines, launch systems, and even the Space Shuttle. The thieves operate via the Internet from Asia and Europe,

IN 2005 when the Space Shuttle was on the launch pad a Trojan Horse was loose at Kennedy:

Undetected by the space agency or the companies, the program, called stame.exe, sent a still-undetermined amount of information about the Shuttle to a computer system in Taiwan.

The attack and the flow of data to Taiwan (probably in transit to, you guessed it, China) was not discovered for SEVEN MONTHS at which point NASA shut down operations at the Vehicle Assembly Building (VAB) for several days.

All of this arises from the “research” mentality at NASA. For some reason academics think that they should not have firewalls and controls on Internet access. Well, they have given real meaning to the mantra “information should be free”. It is free to the Russian and Chinese governments that the article states are helping themselves.

Yes, NASA went to the Moon for all Mankind, but does that mean that its designs, data, and intellectual property should just be handed over to any foreign spy who stumbles upon them?

This entry was posted on Thursday, December 4th, 2008 at 7:02 pm and is filed under Cyber warfare, Data Security, Security, State Sponsored Hacking. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.


Copyright © 2008 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022