Nelson to question NASA on security breach, future of U.S. space program
March 6, 2012
Washington D.C. – Tomorrow’s hearing of the Senate Commerce Committee, chaired by U.S. Sen. Bill Nelson (D-FL), is shaping up to be informative and maybe even a little entertaining.
Nelson will have his first opportunity to question Bolden on recent revelations that NASA computers were hacked and mobile devices were stolen that, among other things, resulted in the loss of control codes for the International Space Station.
The committee also will hear testimony from astrophysicist, author and frequent Daily Show guest Dr. Neil deGrasse Tyson, whose thoughts on the future of U.S. space exploration have been generating a lot of attention recently. Tyson, who has been appointed twice to presidential panels examining the future of NASA and the aerospace industry, believes investment in and dedication to space exploration is essential to future economic success.
Wednesday’s hearing was to mainly focus on the President’s budget request for 2013, but new information came to light during a house subcommittee hearing last week. Specifically, NASA’s inspector general testified at a House Science, Space and Technology subcommittee hearing that 48 of NASA’s mobile computing devices were lost or stolen during a recent two-year period. And, foreign intelligence organizations were thought to be behind hackings of NASA computer systems.
In a letter to Administrator Bolden Monday, Nelson asked him to be ready “to answer some of the questions being raised in the wake of [the inspector general’s] testimony.” Additional details of the hearing are below, along with a background article.
Senate Commerce Committee Hearing: “Priorities, Plans and Progress of the Nation’s Space Program”
Senate Russell Office Building Room 253
The hearing will be streamed live on the Commerce Committee website.
Nelson wants NASA to explain cybersecurity lapses (Tallahassee Democrat)
By Ledyard King
12:19 AM, Mar. 6, 2012
WASHINGTON — Sen. Bill Nelson said he wants more answers from NASA following revelations the agency's computers and websites have been compromised thousands of times since 2010.
In one incident, thieves stole a laptop containing the codes used to command and control the International Space Station.
The Florida Democrat, considered among the space program's biggest champions in Congress, wrote NASA Administrator Charles F. Bolden Jr. on Monday, saying he was "troubled" about the concerns first aired by Inspector General Paul Martin at a House hearing last week.
"Given that Defense Secretary Leon Panetta has said the next Pearl Harbor could very well be a cyberattack, these incidents involving NASA require our enhanced attention to cybersecurity policies to protect our space program," Nelson wrote to Bolden.
The senator said he plans to bring the matter up Wednesday when Bolden is scheduled to appear before the Senate Commerce, Science and Transportation Committee to discuss NASA's budget request for fiscal 2013.
"I hope you will come ready to answer some of the questions being raised in the wake of Mr. Martin's testimony," Nelson wrote.
At last week's House hearing, Martin said there have been 5,408 cybersecurity incidents — many foreign-based — involving the space agency during the past two years.
The incidents, which include the installation of malicious software and unauthorized access to NASA systems, have caused disruptions and cost taxpayers millions in missing equipment and repairs.
None, though, have captured critics' attention more than the March 2011 theft of an unencrypted NASA notebook computer that resulted in the loss of the algorithms used to command and control the International Space Station.
NASA spokesman Michael Cabbage said in a statement the agency takes its information technology "very seriously," and operations at the Space Station have never been jeopardized by a data breach.
"NASA has made significant progress to better protect the agency's IT systems and is in the process of implementing the recommendations made by the NASA inspector general in this area," Cabbage said.
Martin told the House panel the agency's vulnerability stems from two issues: It's a high-profile target that generates plenty of sought-after data, and it offers potential hackers a wide array of entry points.
NASA manages approximately 3,400 websites — nearly half of all the federal government's non-defense sites — and is home to some 176,000 individual email addresses. Its assets include 550 information systems that control spacecraft, collect and process scientific data, and enable NASA to interact with colleagues and researchers in other agencies and universities around the globe, according to Martin.
These incidents are among those the inspector general's office says have taken place since 2010:
• Terra and Landsat-7, both Earth observation satellites, "have each experienced at least two separate instances of interference apparently consistent with cyberactivities against their command and control systems."
• An unidentified NASA center released to the public 10 surplus computers connected to the space shuttle program that weren't properly sanitized and may have contained sensitive data.
• Intruders stole credentials for more than 150 NASA employees in one cyberattack, while another intrusion provided hackers access to key information and user accounts at the Jet Propulsion Lab in Pasadena, Ca.
• A Texas man pleaded guilty last year to hacking NASA computers, an incident that prevented some 3,000 registered users from accessing oceanographic data collected by the agency.
NASA has made some progress addressing problems Martin and his office have pointed out in the 21 audit reports his office has conducted over the past five years. Of the 69 recommendations the inspector general has made during that period, all but 18 have been fully addressed, officials said.
Martin said only 1 percent of the agency's laptops and other portable devices have been encrypted to prevent easy deciphering, which he called "very disturbing" given the highly sensitive nature of the information stored on them. More than half of the computers used government-wide are encrypted.