NASA blunder as unsanitised computers sold to public


8 Dec 2010

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

A series of computers containing sensitive NASA data have been sold to the public much to the consternation of the US space agency.

According to a NASA investigation that examined the causes of this security blunder, 10 cases have emerged where PCs were sold intact with sensitive data.

The units were being sold as NASA began preparations to wind down its space shuttle operations, the last of which is scheduled for a June 2011 launch.

“We found significant weaknesses in the sanitisation and disposition processes at each of the four centres we reviewed,” reads a NASA statement.

NASA said protocols were not being followed in four of its NASA operations – Kennedy and Johnson space centres and Ames and Langley research centres – and that correct sanitisation (the process of removing data from media involving the overwriting, degaussing or destruction of the media so that it is impossible or nearly impossible to recover the data previously stored there) did not take place in some cases.

Sanitisation verification

“Managers were not notified when computers failed sanitisation verification testing; that no verification testing was being performed.”

Hard drives are normally destroyed before being released to the public but the US space agency said “personnel did not properly account for or track the removed hard drives during the destruction process”, adding that computers were “being prepared for sale on which NASA internet protocol information was prominently displayed”.

This wiping protocol oversight could potentially be costly should such sensitive information fall into the wrong hands as internet protocol information could provide a hacker with the details needed to target specific NASA network assets and exploit weaknesses, resulting in the compromise of sensitive information.

10 computers failed testing

The audit discovered that Kennedy Space Center released 10 computers to the public that had failed verification testing and still contained NASA data.

The space agency is working to rectify these issues and a review of procedures has been initiated and a new handbook will soon replace existing policy.

As the space shuttle programme is nearing retirement after 38 years and more than 130 missions, the disposition of program equipment, including the shuttles themselves, spare parts, and processing and IT equipment, poses a significant challenge, NASA said.