Challenges NASA in Cyber Crime
Challenges NASA is Faced with
NASA has been a victim to cyber crime lately. The hackers have gained access to security information of NASA IT systems and corrupted several files. This trend is worrying, and unless something is done, NASA faces serious information crises. It is also vital to determine, where the problem began. Was it foreseeable? Is it an inside job? These are some of the questions that top administration at NASA is facing. Office of Inspector General (abbreviated simply as OIG) is dedicated to dispensation of aggressive and independent oversight of NASA. The dedication by NASA to secure its IT resources cannot be overstated. However, in doing this, NASA is faced with serious challenges like loss of the Agency’s systems and information from malicious thefts and inadvertent loss. The challenges have been:
- Unawareness of NASA’s IT security exposure
- Challenges in implementing consistent IT security monitoring approach
- Slow speed of encrypting NASA’s mobile devices and laptop computers
- Combating sophisticated cyber attacks
- Shift to advantages assumed by cloud computing.
NASA spends close to $ 58 million annually on IT security, or even above these funds, depending on other logistics. Given the sensitive information some of NASA’s systems carry, theft or loss of information results in considerable financial losses, which affects national security. It also impairs the nation’s competitive advantage in technology. Some of the cyber attackers are highly skilled and could massively disrupt NASA’s operations since IT networks and systems are significant to NASA’s performance. NASA is usually targeted since it has large IT networks, and the networks contain crucial technical information that the attackers are seeking, with the goal of compromising operations at NASA, so that they could further their criminal activities (Chittister & Haimes, 2011). Since NASA majorly works on scientific information, disruption of the IT networks poses a major challenge to scientific information, which are highly valued. Between the years 2010- 2011, around 5408 cyber crime incidents were reported. There were installations of malicious and suspicious software and access to IT networks, which were not authorized. These were done mostly for profits and were believed to have been financed by extrinsic intelligence, so as to compromise NASA’s security information. These have affected many computers and disrupted mission operations.
NASA’s Risks in Cyber Attack
Loss of sensitive data has robbed NASA of about $ 7 million. OIG is charged with looking into such cases and providing long term solutions that will prevent future crimes. OIG devotes most of its time and resources to protecting the IT systems. Investigations have been heightened and have led to convictions and arrests of the cyber attackers. Most of the offenders have originated from China, Nigeria, Romania, Turkey, Portugal, and Italy. The major challenge though is coupled with oversight authority of Chief Information Officer to control key facets of NASA IT systems. In order to deal with the cyber crime menace articulately, the CIO must have significant authority to ensure that the NASA assets comply with recommended IT procedures and policies. Risk determination and risk acceptance must be taken seriously and assessed with urgent speed, so as to avert further damage to NASA’s security networks and systems. The lack of IT security control is also one of the challenges faced at NASA. High risk technical vulnerability is an area that should be enforced. NASA’s IT systems need to be effectively analyzed for proper IT governance, in order to optimize compliance, risks, mission success, and costs.
Advanced persistent threats have plagued NASA’s information security. These are well organized individuals who are funded by foreign intelligence agencies. In 2011 reported 17 such attacks. In one of such attacks, intruders burgled personal information of around 150 employees at NASA. The JPL cyber attack involved Chinese-based IP address. The hackers were able to gain access to major JPL sensitive user accounts and JPL systems. They were then at liberty to delete files, add or modify user accounts. Given the sensitive nature of information in critical JPL systems, the results could be disastrous. They could also upload hacking tools that they would use to steal information about the progress of NASA. The hackers are becoming smarter, even complicated by the day.
In November 2011, OIG worked with the FBI on disentangling a cybercriminal network that disguised itself as “Rove Digital”, an Estonian Company. The fraud scheme spanned 100 countries, and 4 million computers were infected. The USA alone witnessed 500,000 such cases involving about 130 NASA computers. The OIG made considerable gains in the fight against cyber crime. Its integrated Security Operations Center provide NASA with monitoring and detection of cyber threats, communication with IT security agencies and updating information on its progresses in fighting cyber-crime. It has centralized information system for storing, managing and reporting suspicious activities. NASA has a computer Emergency team with a hotline for reporting potential threats. Cloud computing is a major gaining that NASA has made. It will go a long way in protecting NASA’s information systems. NASA’s OIG and IT security have stepped up efforts to combat every facet of cyber security threat. A Swedish International was indicted with stealing Cisco Systems in 2009.
Cyber threat security is important to any country. The USA, for instance, lays much emphasis on cyber crime prevention. It is top in its security list. Other countries are following in the footsteps of the USA, as well (United States IRMO, 1990). It is highly important to protect sensitive information of countries security systems. Hackers must be stopped at all cost. NASA was able to intervene, involve the FBI and other security providers to curb cyber crime. To date, it has investigated many cybercrime incidents and convicted the culprits. The OIG and SOC have been instrumental in reviewing communication loopholes and establishing an independent monitoring and detection of potential threats within its systems.