NASA said hackers broke into its computer systems 13 times last year, stealing employee credentials and gaining access to mission-critical projects in breaches that could compromise US national security.
The National Aeronautics and Space Administration spends only $58 million of its $1.5 billion annual IT budget on cyber security, Paul Martin, the agency’s inspector general, told a Congressional panel on NASA security earlier this week.
“Some NASA systems house sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security, or significantly impair our nation’s competitive technological advantage,” Martin said in testimony before the US House Committee on Science, Space and Technology, released on Wednesday.
He said the agency discovered in November that hackers working through a Chinese-based IP address broke into the network of NASA’s Jet Propulsion Laboratory.
He said they gained full system access, which allowed them to modify, copy, or delete sensitive files, create user accounts for mission-critical JPL systems and upload hacking tools to steal user credentials and compromise other NASA systems. They were also able to modify system logs to conceal their actions, he said.
“Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL’s networks,” he said.
In another attack last year, intruders stole credentials for accessing NASA systems from more than 150 employees.
Martin said the agency has moved too slowly to encrypt or scramble the data on its laptop computers to protect information from falling into the wrong hands.
Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station as well as sensitive data on NASA’s Constellation and Orion programs and Social Security numbers, Martin said.