Like a lot of organisations, NASA’s doing its best to keep up with the times and move its computer systems onto the cloud. Like only a government agency can do, it’s failing fantastically at doing so securely.
A review released on Monday by NASA’s inspector general had nothing good to say about the space agency’s cybersecurity situation. The report found that a large number of cloud initiatives suffered from dangerously poor security, so poor that they would have “severe adverse effects” on NASA if compromised. Out of five contracts reviewed, “none came close” to offering adequate cybersecurity. On top of that over 100 of NASA’s internal and external websites were found to have no security measures in place whatsoever.
This shouldn’t be so surprising. NASA’s historically terrible at cybersecurity. Seriously, it seems like the space agency gets hacked every other week. In February of this year, for example, Anonymous hit NASA and leaked a bunch of data. That looks like child’s play compared to last year, when NASA admitted to thousands of breaches due to lack of security. Heck, a 15-year-old hacker even broke into NASA back in 1999 and shut down the computers that run the International Space Station for nearly a month. That’s just to name a few security breaches.
If you’re rooting for NASA’s success, the good news is that the government is on this problem. Earlier this year, US President Obama issued an executive order for all agencies to beef up their cybersecurity protection as part of his larger cybersecurity initiative. It’s too bad about all that NSA spying business, though, because now the very hackers that would be the ones to help improve the cybersecurity on these systems don’t want anything to do with the US government and banned several agencies from attending DEF CON this year. But there’s always next year! [NASA via The Verge]