A recent audit of NASA’s computer network found the agency’s infrastructure fraught with security holes, many of which have been known about for months, yet remain unpatched, according to a report by the space agency’s Office of the Inspector General (OIG).
The audit found vulnerabilities that could allow an attacker access to servers that control spacecraft along with servers that store encryption keys, encrypted passwords and user account information, according to a copy of the report, which was posted online.
According to the audit, this isn’t the first time the OIG has evaluated NASA’s security and pointed out its flaws. In May 2010, the OIG suggested NASA implement an “IT security oversight program” for the network in question. Despite agreeing with the recommendation, NASA never installed such a program.
In October of 2009, NASA was cited by another office when the Government Accountability Office found similar problems in their infrastructure. The GAO’s findings suggest the security of user accounts and encrypted information continue to be a problem for the governmental agency.
This week’s audit is the second conducted by the OIG in recent memory. Late last year they discovered NASA had failed to verify the sanitation of their used hard drives before disposing them, in turn compromising raw data.