Houston, we have a problem!
NASA said hackers stole employee credentials, gained access to mission-critical projects and could compromise national security.
NASA’s Inspector General Paul Martin testified in a report before the Subcommittee on Investigation and Oversight, House Committee on Science, Space, and Technology entitled NASA Cybersecurity: An Examination of the Agency's Information Security.
According to the statement, more than 5,000 security breaches happened last year in 13 major networks.
"In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems. These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives."
Martin wrote that NASA spends more than $1.5 billion annually on its IT-related activities, including about $58 million for IT security.
Some of those threats were more dangerous than others.
Alan Bergman, owner of Area Computers, said he has worked with computers for 20 years.
“In NASA’s case, they [hackers] want the data, they want to know as much about our space program as possible without investing the time or money to develop their own technology. They are getting it from us as a freebie, in other occasions it’s just another way to undermine the economy of the United States,” Bergman speculated.
Leaders at the Kennedy Space Center said in 2010 they had 973 "security events," and 463 in 2011.
They attributed the substantial drop from 2010 to 2011 to a number of strategies that include:
- a) More aggressive patching of the Kennedy Space Center Information Technology systems against vulnerabilities in the software used, especially in the early stages of the discovery of these flaws.
- b) Increased speed of blocking access to the internet sites that host the exploits to slow the rate of exposure to the end users to these threats.
- c) Increased User IT Security awareness and training. In the past, most users would have opened a strange email without a second thought. Now there’s often a reported event and issues are prevented before ever having a meaningful consequence.
KSC officials stated "as the reach and access of the Kennedy Space Center Information technology environment is worldwide, with customers and partners in the corporate, academic, public and international domains, so too is the exposure to threats.”
“I think they do their best to keep it secure but the most secure way to keep it is not to have it on the internet. I think they do encrypt it as much as humanly possible, but I also think 24 hours a day, 7 days a week there is someone trying to get at that data,” said Bergman.
There have been hackers arrested in China, Great Britain, Italy, Portugal, and Romania, among other countries.