Rueters
http://www.reuters.com/
By Irene Klotz
Originally published Dec 10, 2010, retrieved Jan 19, 2011
Go to original article
Failure to delete information was ‘serious’ security breach, audit finds
CAPE CANAVERAL, Florida — NASA failed to delete sensitive data on computers and hard drives before dispensing with the equipment as part of its plan to end the Space Shuttle program, an audit released on Tuesday shows.
The Office of Inspector General found what it termed “serious” security breaches at NASA centers in Florida, Texas, California and Virginia.
“Our review found serious breaches in NASA’s IT (information technology) security practices that could lead to the improper release of sensitive information related to the Space Shuttle and other NASA programs,” NASA Inspector General Paul Martin said in a statement.
“NASA needs to take coordinated and forceful actions to address this problem.”
The report cites 14 computers from the Kennedy Space Center that failed tests to determine if they were sanitized of sensitive information, 10 of which already had been released to the public. It also found that hard drives were missing from Kennedy and from the Langley Research Center in Virginia. Some of the Kennedy hard drives were later found inside a dumpster that was accessible to the public, the audit says.
Investigators also found several pallets of computers being prepared for sale that were marked with NASA Internet Protocol addresses.
“Release of Internet Protocol information could lead to unauthorized access to NASA’s internal computer network,” the report said.
NASA said it would update policies and issue a new IT security handbook by June 2011, a response the Inspector General’s office found lacking.
“(NASA’s) response did not reflect the sense of urgency we believe is required to address the serious security issues uncovered by our audit,” the report said.
NASA is dispensing with thousands of surplus items as it prepares to end the space shuttle program next year.
Copyright 2011 Thomson Reuters.