NASA Starts New Life with IT Policy Reform After Data Breach

Bob Styran, IT audit expert
December 09, 2010 /

National Aeronautics and Space Administration (NASA) Kennedy Center vowed to revamp its IT policy in disposing of IT materials after an audit of NASA Office of the Inspector General (OIG) has found data breach in the space center’s sale of its ten computers that contained sensitive data including NASA’s Internet Protocol (IP) information which could enable hackers to infringe its system.

The selling of the IT materials, being part of NASA’s winding down, without removing sensitive data revealed lack of personnel orientation with the rules in disposing of IT materials and insufficient regulations in the process itself, the OIG audit said.

The other NASA facilities cited by the audit to have committed data breach were the Johnson Space Center in Texas, Ames Research Center in California, and the Langley Research Center in Virginia.

Managers at the Johnson and Ames Space Centers did not conduct any tests on the computers before disposing them of while personnel at the Langley Research Center did not keep track of the removed hard drives, the audit reported.

The OIG raised its concern that there might still be pieces of information left on the computers sold other than NASA’s IP data given the space center’s performance in releasing its materials.

The audit, which was released earlier this week by NASA inspector general Paul Martin, also said that the data breach that transpired had put NASA’s missions at risk and may result in violations against federal laws that regulate these matters. Linda Cureton, NASA’s chief information officer, confirmed the proposed changes in the sanitization process of NASA’s IT equipment, adding that the space center would release its new handbook for employees by July 2011.

But OIG raised doubts the proposed reform in the IT policy of NASA would be strong enough to respond to the data breach.

 

Share your opinion