NASA security is so bad they lost controls to the space station; why is no one fired?

Successful breaches range from one-time hacks to long-term foreign intelligence spy-ins


If you were a thriller-movie evil genius who wanted to take over the world by threatening to destroy it using secret superweapons based in an ultracool, visually arresting but still unassailable superfortress, what would your first step be?

You'd look for a really cost-efficient way to achieve that goal. (Evil is very budget-conscious, especially after spending so much on hideouts under extinct volcanoes, in the Arctic, under the ocean and in other inaccessible places – hideouts that were blown up one sequel after another, leaving the Organization for Evil underwater [ahem] on its elaborate-lair mortgages.)

You want cost-effective? You don't build your own superfancy superfortress, you steal one built by someone else.

One like, say, the International Space Station, built by the U.S. and a host of other countries for reasons that emphasize scientific advancement and peaceful cooperation (they were all too broke to build one themselves).

Security on an international scientific and military space base would be a huge issue. The door is sure to be locked.

So you would steal the key. From NASA. It should be easy.

NASA pwned so bad it doesn't know how bad it's pwned

In March, 2011, a laptop containing the algorithms to unlock control systems on the ISS and control the spacecraft was stolen – one of 5,408 computer security lapses, many of which may have been sponsored by foreign intelligence services, according to a report on NASA security given to Congress yesterday by Paul Martin, NASA's Inspector General.

Poor security cost NASA $7 million in lost mission preparedness and the loss of restricted data on during 2010 and 2011 but still suffered far too many breaches of its data security, some of which put both national security and the individual security of NASA employees at risk, Martin told the House committee on Science, Space and Technology.

The 5,408 incidents counted only successful attempts to hack or install malicious software on NASA systems.

One good reason was that only 62 percent of NASA servers were monitored to identify the kind of technical flaw on which most hacking exploits are based; only 24 percent were monitored to make sure all their patches were up to date.

Photo Credit: 


Join us:






Answers - Powered by ITworld

Ask a Question