The International Business Times reports, in an article by Gabriel Perna dated March 29, 2011, that a recent audit by the Office of the Inspector General found that  NASA's servers contain several vulnerabilities rendering the space agency open to a crippling cyber attack.

Inspector General Paul K. Martin stated that "[w]e found that computer servers on NASA's agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet. Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable." 

According to the report, NASA's Agency-wide mission network is made up of more than 190 IT systems situated throughout the United States.  "Included in these 190 IT assets are computer systems and projects that control the Hubble Space Telescope, the Space Shuttle [and] the International Space Station. . . . "  The report indicates that a breach of any one of these 190 IT assets would render all of them available to the attacker.  

The OIG report cites past data breaches.  For example, in January 2009, "cybercriminals stole 22 gigabytes of export-restricted data from the Jet Propulsion Laboratory computer system.  The sophistication [of this and other attacks] confirms that they were focused and sustained efforts to target assets on NASA's mission computer networks."

In response to the OIG report, Linda Y. Cureton, Director of Information Technology at NASA, said that "'[t]he NASA CIO will work with the Mission Directorates and Centers to develop a comprehensive approach to ensure Internet-accessible computers on NASA's mission networks are routinely identified, vulnerabilities are continually evaluated, and risks are promptly mitigated.'"

The entire report from the Office of the Inspector General is available at the link provided above, or here.  The entire article from International Business Times is available at the link provided above, or here. 

The International Business Times reports, in an article by Gabriel Perna dated March 29, 2011, that a recent audit by the Office of the Inspector General found that  NASA's servers contain several vulnerabilities rendering the space agency open to a crippling cyber attack.

Inspector General Paul K. Martin stated that "[w]e found that computer servers on NASA's agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet. Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable." 

According to the report, NASA's Agency-wide mission network is made up of more than 190 IT systems situated throughout the United States.  "Included in these 190 IT assets are computer systems and projects that control the Hubble Space Telescope, the Space Shuttle [and] the International Space Station. . . . "  The report indicates that a breach of any one of these 190 IT assets would render all of them available to the attacker.  

The OIG report cites past data breaches.  For example, in January 2009, "cybercriminals stole 22 gigabytes of export-restricted data from the Jet Propulsion Laboratory computer system.  The sophistication [of this and other attacks] confirms that they were focused and sustained efforts to target assets on NASA's mission computer networks."

In response to the OIG report, Linda Y. Cureton, Director of Information Technology at NASA, said that "'[t]he NASA CIO will work with the Mission Directorates and Centers to develop a comprehensive approach to ensure Internet-accessible computers on NASA's mission networks are routinely identified, vulnerabilities are continually evaluated, and risks are promptly mitigated.'"

The entire report from the Office of the Inspector General is available at the link provided above, or here.  The entire article from International Business Times is available at the link provided above, or here.