Congress tells Nasa to continually improve data security following hack admission

A US Congressional subcommittee has called on Nasa to ensure its data protection is constantly updated after the agency admitted hackers gained control of computer systems in 2011

A US Congressional subcommittee has called on the National Aeronautics and Space Administration (Nasa) to ensure its data protection is constantly updated after the agency's inspector general revealed hackers gained control of key systems in 2011.

Paul Broun, chairman of the US House Committee on Science, Space and Technology's Subcommittee on Investigations and Oversight is quoted in an online report as saying the threat to Nasa's information security is persistent and ever-changing.

"Unless Nasa is able to constantly adapt, their data, systems and operations will continue to be endangered," Broun said.

Broun's comments follow the agency's inspector general Paul Martin testimony to the sub-committee's hearing on the state of information security at Nasa. Hackers took over Jet Propulsion Laboratory (JPL) computers and compromised the accounts of the most privileged JPL users in 2011, according to the BBC.

In his testimony, Martin said investigators believed the attack had involved Chinese-based internet protocol [IP] addresses and that the attackers had full system access. During the attack, the hackers were able to modify, copy, or delete sensitive files, and upload hacking tools to steal user credentials and compromise other Nasa systems, said Martin.

Nasa had moved too slowly, he said, to encrypt or scramble the data on its laptop computers to protect information from falling into the wrong hands.

Martin said Nasa was a target-rich environment for cyber attacks and that hackers ranged from individuals testing their skill to break into Nasa systems, to well-organised criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services.

Martin revealed that Nasa had logged 5,408 computer security incidents between 2010 and 2011, and reported the loss or theft of 48 mobile computers between April 2009 and April 2011.

In one incident, he said, an unencrypted notebook computer was lost, containing details of the mathematical models used to control the International Space Station.

In the wake of the testimony, Nasa issued a statement saying that. at no point had operations of the International Space Station been jeopardised because of the data breach.

Nasa said it is working to implement the information security improvements suggested by Martin in his testimony.

Read more on IT for small and medium-sized enterprises (SME)