The Voyager Probe Illustration ” width=”442″ height=”293″ class=”article_img”/>
We Speak to Voyager's Probe If You Wonder
NASA's Jet Propulsion Lab still has "many IT weaknesses in control security ", which set out" cybercrime systems and data ", despite warnings earlier this year.
Following a strongly worded letter sent in March, a warning that NASA is generally suffering from cyber-security problems, the NASA Office of the Inspector-General (OIG) has already published a detailed report (PDF)
His findings are not large. The JPL's internal inventory database is "incomplete and inaccurate," which reduces its ability to "monitor, report, and respond to security incidents" due to "reduced visibility in network-connected devices."
Houston, we had a problem: NASA is afraid of an internal server, personal information about the staff moved by villains
A Sisammin told inspectors that he maintained his own Parallel spreadsheet The technical security database system "because database updating sometimes does not work."
The April 201
] Key Network Gateway Between JPL and Shared IT environment used by partner agencies "was not properly segmented to restrict users only to those systems and applications for which they have approved access." Moreover, even when JPL employees opened tickets with the help of the Security Information Office , some of them took up to six months to be resolved – potentially leaving out-of-date "outdated security controls that expose the JPL network to cyberattache exploitation."
At least 666 tickets with a maximum weight rating of 10 were opened during the visit, the report reveals. More than 5,000 were open.
Indeed, such a cyber hit hit NASA as early as December. Sensitive personal data of employees who worked for the US space agency between 2006 and 2018 were removed from the program servers – and NASA needed two months to tell the affected people.
Even worse, JPL is not an active threat. hunting process, despite its apparent appeal to state-level opponents, and incident response exercises "deviate from NASA and recommend industrial practices." The JPL itself acts as a silo at NASA, as OIG states: "NASA officers [did not] have access to the JPL Incident Management System."
Perhaps this report will be a wake-up call, which NASA as a whole, and JPL in particular need to strengthen its act. ®