X

NASA sold PCs with sensitive data

Space agency neglects to wipe sensitive info from surplus computers sold as part of its efforts to shut down the Space Shuttle program, according to an audit.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
See full bio
Lance Whitney
2 min read

NASA failed to remove sensitive data from computers that it sold, according to an audit report released this week.

The agency has been selling off computers, hard drives, and other equipment associated with the Space Shuttle program as it winds down.

But the audit (PDF) by the NASA Office of the Inspector General (OIG) found security breaches at four NASA facilities: the Kennedy and Johnson Space Centers and the Ames and Langley Research Centers.

Specifically, the audit discovered that 10 computers from the Kennedy Center were released to the public even though they still contained sensitive NASA data and had failed verification testing as part of their disposal process. Another four computers with data were confiscated before they were sold.

Further, computers at the Kennedy Center's disposal facility being prepped for sale displayed NASA IP (Internet protocol) information, which could easily give a hacker a way to break into a NASA network.

The audit also found that although hard drives were destroyed at the Langley Center before they were released to the public, NASA personnel failed to account for or keep track of the removed hard drives.

Overall, the audit determined that not only were some personnel at NASA unfamiliar with the policies for disposing of IT equipment, but that some of the policies themselves were inadequate.

"Our review found serious breaches in NASA's IT security practices that could lead to the improper release of sensitive information related to the Space Shuttle and other NASA programs," NASA Inspector General Paul Martin said in a statement.

In response to the findings of the Inspector General's Office, the Kennedy Center has proposed changes in its policy. However, in its report, the OIG said it doesn't consider those changes to be a strong enough response to its recommendations and further believes that NASA management doesn't feel a sense of urgency to fix the security issues found in the audit.

The NASA Office of the Inspector General is an independent agency charged with investigating fraud, waste, abuse, and other issues at the space agency. Many other federal and local government departments are also audited by an Inspector General's office to uncover similar problems.