NASA's ISS Control Codes Were Stolen, IT Department Incapable of Patching PCs
March 1, 2012 6:46 PM
Only 1 percent of laptops were encrypted, 48 laptops were stolen with a wealth of data
National Aeronautics and Space Administration
(NASA) has suffered in recent years from budget cuts. Underpaid and understaffed, NASA's hopes of recruiting the best and have faded as a divided House has expressed disinterest in funding NASA. Meanwhile President Barack Obama's administration
completed George W. Bush's plan to scrap the Space Shuttle program
privatized cargo launches
(which Congress then refused to fund), and
dramatically scaled back NASA's targets
ditching the return to the Moon
proposed by George W. Bush.
I. NASA Seldom Patches Computers or Encrypts, Lost ISS Codes, 47 Other Laptops
The last thing NASA needs at this point is any bad news, which could make it look like the space agency's
thinning house of cards
is about collapse. It would be pretty bad if you lost a $125M USD Mars orbiter due to
mixing up metric units and English units
(NASA and contractor Lockheed Martin Corp. (
) did that in 1999).
An inspector general assigned to inspect and diagnosis the abysmal security at the space agency has
[PDF] that NASA lost the control codes to
the International Space Station
, along with what sounds like a good portion of NASA's other secrets.
"Ahh... how do I say this. Er. I lost the keys to mankind's only active space station. No, really."
[Image Source: NASA]
The only good news is that the station itself used secondary encryption meaning that whoever stole the control codes would be unable to gain full command, unless they also managed to get ahold of that code, as the station only accepts commands encoded with that day's encryption. Still the data loss is an embarrassing highlight in a lengthy report detailing NASA's failing information technology efforts.
Thefts of NASA employees' laptops and mobile devices began in April 2009 and continued until April 2011. In all about 48 devices were stolen, before NASA tightened security. Or actually, says NASA Inspector General Paul K. Martin the number could be higher, as NASA relies on employees to report the theft of work devices.
Apparently information technology-wise, NASA is operating as if the year was 1969 -- the year NASA triumphantly landed on the moon. A lot of things have changed since then in the world of computing, but NASA's IT department appears to be a little bit behind the times.
Mr. Martin describes that as of February 1 only about 1 percent of NASA laptops are encrypted, despite carrying a host of state secrets – third-party contractors' intellectual property, spaceship designs, control codes, and even astronauts' personal information.
More astoundingly, NASA reportedly seldom patches its aging computers.
Do you know how to patch your computer? If so, you're a step ahead of the glowing minds in NASA's IT department. [Image Source: Microsoft]
While the agency is mandated to patch its machines under
national security guidelines
, the agency's chief information officer apparently "has limited ability" to accomplish the process, as NASA appears to lack any sort of coherent device management. And of course, NASA employees appear to be either not authorized to apply Windows Update/apt-get or are unaware of how to use these modern marvels.
II. Hostile Parties Revel in NASA's Incompetent Security
The net result is that everyone from amateurs up to seasoned foreign level actors appears to be victimizing NASA and its IT department. The worst incident described was the theft of the space station control codes, which were on an unencrypted laptop.
The IG didn't say exactly where that laptop might be today, leaving it unclear whether it even knows. Nor did it say what become of the other devices which contained employee (and astronaut) social security numbers, data on the Orion spacecraft design, data on the cancelled Constellation Program, "export-controlled, Personally Identifiable Information", and "third party intellectual property".
As for the ISS control codes, NASA engineers were forced to scrap parts of the station's software when they realized that security had been presumably completely compromised. As Mr. Martin puts it, there was "loss of the algorithms."
U.S. intelligence agents recently succeeded in
Razvan Manole Cernainu, handle "TinKode", who was among the reportedly numerous independent hackers who penetrated NASA's networks for fun and bragging rights. TinKode in 2011 hacked into Goddard Space Flight Center FTP server,
posting screen grabs
of confidential information from
disaster relief satellite effort. He would hack into NASA and other U.S. government agencies several more times, allegedly before he was caught. But not all the parties hacking into NASA's servers were attention-seeking young adults. Comments Mr. Martin, "These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives."
The comment hint that China -- which is
investing heavily in its own space effort
-- may have been up to its
stealing U.S. state secrets
. According to government security officials, including Pentagon officials, China has
repeatedly victimized U.S. networks
U.S. agencies have proved woefully incapable of protecting their data against Chinese hackers.
[Image Source: Asia Society]
This has led to the
occasional hollow complaint
from government talking heads, but ultimately the U.S. has exercised measured meekness in accepting that it ultimately has no way of retaliating against the attacks. China holds a portion of the U.S. national debt, but more importantly, the majority of U.S. companies
manufacture their products in China
. To alienate China would be economic suicide.
III. An Epic Failure
But even in terms of the
typical security-deficient U.S. government
equally challenged contractors
, NASA's computer administrators appear to be setting a new standard in inability. Of course, as mentioned, part of this can be attributed to budget cuts and red tape placed upon the agency by Congress. But much of it comes back to the staff, if Mr. Martin's testimony is to be believed.
NASA's IT dept. has veered dangerously down the lower road.
[Image Source: Maintenance Mode]
NASA officials had previously
that U.S. satellites
were hacked in 2007 and 2008
by unknown, likely national-level players. China was mentioned as a prime suspect. But the loss of the codebook to controlling the ISS is a far more embarrassing low for the agency.
His comments seem to hint that it might be time for the CIO to go. And he says that it's vital for NASA to adopt mass encryption. He comments, "Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft."
The IG said NASA must encrypt or it will be embarassed again.
[Image Source: How Stuff Works]
That sounds like pretty sound logic.
"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken
Report: Apple Blacklists The New York Times After iEconomy Report
February 17, 2012, 12:29 PM
Military PIN Number Stealing Virus Reportedly Hails from China
February 3, 2012, 10:23 AM
SpaceX Delays Dragon's First Launch to ISS
January 17, 2012, 9:36 AM
New Bill Urges U.S. Intelligence Agencies to Share Cyber Threat Info with Private Sector
December 1, 2011, 1:04 PM
Gov't Report Warns of Chinese Plans to Cripple U.S. Space Defenses
November 17, 2011, 7:13 PM
PIQ ROBOTTM reveals its new artificial intelligence software
November 29, 2016, 12:59 AM
One more time - Happy Thanksgiving to Everyone Around the World
November 24, 2016, 4:00 AM
Google’s Smart Contact Lens Project gets halted for 2016
November 20, 2016, 7:00 AM
Cell Research Study shows African Americans have greater immune response to infection
November 10, 2016, 1:00 AM
UTHealth Clinical Trial Shows Progress Using Stem Cells to Treat Traumatic Brain Injury
November 8, 2016, 1:00 AM
Uber Partners with Circulation to Pilot Program Connecting Transportation and Digital Health Care
November 6, 2016, 5:00 AM
Most Popular Articles
Samsung Galaxy S8, Rumored Launch Date!
March 18, 2017, 6:45 AM
Gigabyte GA-Z170X-Gaming G1 – Intel Thunderbolt 3 Certified Motherboard
March 9, 2017, 6:25 AM
Lenovo ThinkPad T460 - Ultra-Thin and Feather-light
March 3, 2017, 6:00 AM
Huawei P8 Lite 2017 – Android 7 Nougat Smartphone with Octa-Core Processor
March 8, 2017, 7:03 AM
Intel Optane SSd DC P4800X – Super Fast 3D Storage
March 20, 2017, 7:35 AM
Latest Blog Posts
Are you thinking of performance and speed? Intel claims:
Mar 25, 2017, 7:45 AM
Apple buys an automation app called Workflow. The deal was completed today and brings the app along with its developers.
Mar 23, 2017, 7:35 AM
Apple Announces new color for iPhones and iPads
Mar 22, 2017, 7:45 AM
Instagram: You Can Now Save Live Videos For Later
Mar 21, 2017, 7:49 AM
Samsung Galaxy S8 to Get New Color Scheme
Mar 20, 2017, 7:45 AM
What else to worry about?
Mar 17, 2017, 6:45 AM
Icon of the Day: Intel/ NVIDIA or Mobileye
Mar 16, 2017, 6:15 AM
JUST IN - Twitter Hijacked : High-Profile Account Accesses
Mar 15, 2017, 7:07 AM
Mar 14, 2017, 7:30 AM
News and Tips
Mar 13, 2017, 6:30 AM
iPhone 8 – May Not Get Curved Screen
Mar 11, 2017, 8:00 AM
California paves way to self-driving car tests without humans
Mar 11, 2017, 7:18 AM
Smart Machines V hackers
Mar 10, 2017, 7:00 AM
Uber Can Resume Autonomous Car Testing in California
Mar 9, 2017, 6:50 AM
Mar 8, 2017, 7:09 AM
Mar 7, 2017, 8:45 AM
World news 3-6
Mar 6, 2017, 5:40 AM
Mar 4, 2017, 7:40 AM
Mixed News of the Day
Mar 4, 2017, 6:32 AM
Jaguar Land Rover invests in ride-sharing
Mar 3, 2017, 7:00 AM
Mixed News of The World:
Mar 2, 2017, 7:02 AM
World New 3-1
Mar 1, 2017, 6:30 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information