NASA Sold Computers Containing Sensitive Data
10 PCs were sold to the public without completely scrubbing information from their hard drives, according to the Office of Inspector General.
December 9, 2010
NASA released 10 PCs to the public without completely scrubbing information from their hard drives, calling into question how the agency disposes of equipment that's no longer in use, according to a report by a government watchdog agency.
In a report (PDF) looking at how NASA disposes of old equipment, the Office of Inspector General (OIG) found "significant weaknesses in the sanitization and disposal processes for IT equipment" at four centers -- the Kennedy and Johnson Space Centers and Ames and Langley Research Centers.
The report was prepared with the end of the Space Shuttle program in mind. The last shuttle flights are scheduled for February 2011, after which the agency will have to dispose of the shuttle and related equipment.
The 10 PCs in question failed sanitization verification testing at Kennedy Space Center, according to the report. The OIG also confiscated four other computers that failed testing but were being prepared for release or sale from the center as well.
The problem may lie in the fact that managers at Kennedy were not notified when computers failed the testing, therefore, released PCs containing NASA data without knowing.
A more significant problem seems to be that no verification testing is being performed at the Johnson or Ames centers, and none of the three centers have been using approved software for sanitizing a computer's hard drive, according to the OIG.
"The weaknesses we identified in NASA's IT sanitization policy and procedures put NASA at risk of releasing sensitive information that could cause harm to its mission and violate federal laws and regulations that protect such information," according to the report.
The OIG has made several recommendations -- including a review of current sanitization procedures to identify and repair weaknesses as well as come up with best practices -- for NASA CIO Linda Cureton to follow to change how it disposes of equipment that's no longer in use.
However, while the agency said it will update its policies and a handbook for procedures by the middle of next year, the OIG thinks NASA isn't addressing the situation with the appropriate level of responsiveness or urgency it deserves.
"Accordingly, we consider the recommendations to be unresolved," according to the report.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024