NASA servers used to control spacecraft are vulnerable to cyber attack via the Internet, warned a report released Monday by NASA’s inspector general following an audit of the space agency’s network security.
“We found that computer servers on NASA’s agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet,” the report read.
“Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable.”
“Moreover, once inside the agency-wide mission network, the attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple NASA’s operations,” the report read.
The audit also uncovered “network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers. These data are sensitive and provide attackers additional ways to gain unauthorized access to NASA networks.”
“These deficiencies occurred because NASA had not fully assessed and mitigated risks to its Agency-wide mission network and was slow to assign responsibility for IT security oversight to ensure the network was adequately protected.”