NASA has come under fire after it accidentally leaked data on 10 computers which it was selling off after they had reached the end of their useful lives in the space agency.
The data stored on the hard drives within each of the computers was considered to be top secret and related to work on the Space Shuttle missions.
NASA conducted an internal study as a result of the data loss and it discovered that current practice does not sufficiently ensure that all sensitive information is completely eradicated during the disposal of aging hardware.
It is in NASA’s data protection policies that all outgoing computer hardware must be completely sanitised, with all relevant data erased, before it can be passed on to any third parties. Ideally, this would make it impossible for any malicious groups to reassemble the data.
The weak link in the current procedural chain seems to be a lack of communication between managers who are responsible for overseeing the sanitisation process and the engineers who test to see whether the data has been completely erased.
The investigative team discovered that in certain situations, managers were not informed if a computer failed to pass verification tests and in the worst cases, there was no kind of testing carried out. Unauthorised software was also found to have been used in attempted sanitisation incidents at the Johnson Space Centres and Langley Research Centres, which have become the centre of the scandal.
NASA IP information was found in plain sight on computers which were being taken from the Kennedy centre and readied for subsequent sale. This piece of information has proved to be particularly worrying for NASA, because with this type of data, it would be easy for a hacker to identify and attack individual NASA IT systems.
The investigation has shown that large organisations around the world are susceptible to data loss as a result of poor communication, human error and lax policy. NASA has not yet explained how it will ameliorate the situation but a shakeup is to be expected.
