NASA: We've Been Hacked Thousands Of Times Because Of Inadequate IT Infrastructure

Paul Martin, NASA's Inspector General, gave written testimony to a House committee earlier this week detailing the security threats faced by the agency's IT infrastructure. The thrust of the document is that NASA needs to double down on cybersecurity but, naturally, needs more money to do so.
Their IT budget is $1.5 billion, but of that only $58 million was spent on security. Considering the enormous network of datacenters, laptops, operations centers, and research labs scattered around the world, this may not be nearly enough. As it is, in the last two years NASA has been hacked thousands of times, some of which resulted in full access to some NASA systems and credentials for 150 employees.
NASA counted 5408 security breaches where some access was given or malicious software was installed. Just in 2011 they had 47 attacks they described as "advanced persistent threats," serious attacks by well-funded "individuals or nations." Of those, 13 succeeded, and one attack based in China gained complete access to Jet Propulsion Laboratory (JPL) systems: read, write, delete, add and delete users, modify logs, everything.
Furthermore, they have lost dozens of laptops. And while government-wide, more than half of laptops are encrypted, NASA has yet to implement encryption as standard practice. The result: only one in a hundred NASA laptops is encrypted.
People in security are likely shaking their heads. Encryption of employee laptops and total isolation of root access is something even a small business should be trying to do, to say nothing of a major government entity with enormous amounts of sensitive data.
And that's the point of this report: Martin is saying that NASA is the target of very serious hackers, and their approach to security is wildly out of date. They also are working hard to bridge the gap between security and control and the benefits of cloud computing.
Martin describes the need essentially for modern security: thin clients and cloud computing, a top-down administration of security, 21st-century stan