NASA Sold Computers Containing Sensitive Data

10 PCs were sold to the public without completely scrubbing information from their hard drives, according to the Office of Inspector General.

NASA released 10 PCs to the public without completely scrubbing information from their hard drives, calling into question how the agency disposes of equipment that's no longer in use, according to a report by a government watchdog agency.

In a report (PDF) looking at how NASA disposes of old equipment, the Office of Inspector General (OIG) found "significant weaknesses in the sanitization and disposal processes for IT equipment" at four centers -- the Kennedy and Johnson Space Centers and Ames and Langley Research Centers.

The report was prepared with the end of the Space Shuttle program in mind. The last shuttle flights are scheduled for February 2011, after which the agency will have to dispose of the shuttle and related equipment.

The 10 PCs in question failed sanitization verification testing at Kennedy Space Center, according to the report. The OIG also confiscated four other computers that failed testing but were being prepared for release or sale from the center as well.

The problem may lie in the fact that managers at Kennedy were not notified when computers failed the testing, therefore, released PCs containing NASA data without knowing.

A more significant problem seems to be that no verification testing is being performed at the Johnson or Ames centers, and none of the three centers have been using approved software for sanitizing a computer's hard drive, according to the OIG.

"The weaknesses we identified in NASA's IT sanitization policy and procedures put NASA at risk of releasing sensitive information that could cause harm to its mission and violate federal laws and regulations that protect such information," according to the report.

The OIG has made several recommendations -- including a review of current sanitization procedures to identify and repair weaknesses as well as come up with best practices -- for NASA CIO Linda Cureton to follow to change how it disposes of equipment that's no longer in use.

However, while the agency said it will update its policies and a handbook for procedures by the middle of next year, the OIG thinks NASA isn't addressing the situation with the appropriate level of responsiveness or urgency it deserves.

"Accordingly, we consider the recommendations to be unresolved," according to the report.

About the Author(s)

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights