Houston we have a problem… NASA, our amazing national space program, wasn’t built from scratch. To keep startup costs down, the officials in charge of starting the program looked around at what the government already had built (such as military bases, technical design centers, etc.) across the country and cobbled together a network of computers, manufacturing facilities and communications. The first major, purpose built NASA facility came about when Lyndon Johnson was Vice President and selected Houston, in his home state of Texas, to be the official home of NASA. To this day, NASA’s network is located in part in Maryland, Florida, California and Alabama. And because these were existing facilities when NASA acquired them, they mostly had different operating system and database structures. Over fifty years after its inception, not much has changed with NASA’s scattered infrastructure. Houston we have a problem. Between 2010 and 2011 there over 5,400 “computer security incidents”. These “incidents” involved malware being inserted into NASA’s computer systems, unauthorized access to critical systems and 47 documented hacks into the agency’s network, of which 13 actually succeeded. And what does “succeeded” actually mean? It means that the intruders in some way affected the operation of the targeted computers. In one case, "the attackers had full, functional control over our networks." That last quote, from a NASA official, was referring the International Space Station. NASA spends a lot of money every year. In 2010 NASA’s budget was $18.6 billion dollars. About the same as it is today without adjusting for inflation. In 1969, when Neil Armstrong stepped onto the moon, the budget was $2.3 million dollars, about $1.5 billion in 2015 dollars. So if NASA, with their enormous budget, can allow the International Space Station to get hacked, what hope do you have to protect your network? Here are some suggestions:
All of the above suggestions require a financial or time commitment or both. Security can no longer be viewed as a good idea that will be handled down the road. It must be an ongoing effort. New threats by the hundreds are being deployed every day. It is a moving target and not something to be handled by people that aren’t committed to understanding the threats and protecting your business. For a free security assessment of your network please click here.