NASA sold PCs without wiping sensitive data

NASA has revealed that 10 computers used for its space shuttle program were sold to the public without being wiped of sensitive data.

Another computer that was confiscated before it could be sold contained information on space shuttle-related technology, which was subject to export control by the International Traffic in Arms Regulations.

In addition, computers that were being prepared for sale were found at the Kennedy Space Center’s disposal facility with NASA’s Internet Protocal information prominently displayed, which the investigators said could provide hackers with details they needed to target NASA network assets and exploit weaknesses.

NASA was selling the computers as it prepares to retire the shuttle programme after 38 years, with the final space shuttle flight scheduled for June 2011.

In an internal review, the space agency found that the Kennedy and Johnson Space Centers and the Ames Research Center use software to wipe equipment before disposing of them. Langley Research Center did not require this technology because it removed hard drives prior to disposal. However, the Kennedy centre was the only one that had a testing process in place to verify that disks were wiped, as required by NASA policy.

Nonetheless weaknesses were identified in all four centres’ “sanitisation” policies.

For instance, Kennedy, Johnson and Ames were using unapproved wiping software, Langley did not properly account for or track removed hard drives, and Kennedy managers were not notified when computers failed sanitisation verification testing.

It was flaws in the Kennedy centre’s verification process that resulted in the sale, and near sale, of the computers still containing sensitive data.

“This occurred because NASA managers are not adequately overseeing sanitisation and disposition processes,” the space agency’s office of inspector general said in its report, ‘Preparing for the space shuttle program’s retirement: A review of NASA’s disposition of information technology equipment.”

“NASA’s sanitisation policies are incomplete and responsible personnel did not consistently follow or were unaware of applicable policy.”

The independent investigators have recommended NASA’s CIO carry out further reviews, take remedial actions and share best practices.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now