RSS FeedSecurity
NASA sold PCs without wiping sensitive data

NASA sold PCs without wiping sensitive data

Managers did not adequately oversee wiping processes, unapproved wiping software used

By | Computerworld UK | Published 13:40,

NASA has revealed that 10 computers used for its space shuttle program were sold to the public without being wiped of sensitive data.

Another computer that was confiscated before it could be sold contained information on space shuttle-related technology, which was subject to export control by the International Traffic in Arms Regulations.

Also in this channel
Related Articles

 

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

In addition, computers that were being prepared for sale were found at the Kennedy Space Center’s disposal facility with NASA’s Internet Protocal information prominently displayed, which the investigators said could provide hackers with details they needed to target NASA network assets and exploit weaknesses.

NASA was selling the computers as it prepares to retire the shuttle programme after 38 years, with the final space shuttle flight scheduled for June 2011.  

In an internal review, the space agency found that the Kennedy and Johnson Space Centers and the Ames Research Center use software to wipe equipment before disposing of them. Langley Research Center did not require this technology because it removed hard drives prior to disposal. However, the Kennedy centre was the only one that had a testing process in place to verify that disks were wiped, as required by NASA policy.

Nonetheless weaknesses were identified in all four centres’ “sanitisation” policies.  

For instance, Kennedy, Johnson and Ames were using unapproved wiping software, Langley did not properly account for or track removed hard drives, and Kennedy managers were not notified when computers failed sanitisation verification testing.

It was flaws in the Kennedy centre’s verification process that resulted in the sale, and near sale, of the computers still containing sensitive data.

“This occurred because NASA managers are not adequately overseeing sanitisation and disposition processes,” the space agency’s office of inspector general said in its report, ‘Preparing for the space shuttle program’s retirement: A review of NASA’s disposition of information technology equipment.”

“NASA’s sanitisation policies are incomplete and responsible personnel did not consistently follow or were unaware of applicable policy.”

The independent investigators have recommended NASA’s CIO carry out further reviews, take remedial actions and share best practices.

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Does your company use managed print services?

Question of the day!

Does your company use managed print services?


% of Computerworld UK readers agree with you


Yes
TBC
No
TBC

What benefits do you believe managed print services offer?

123 characters remaining

Follow the conversation at @Think_Print

ComputerWorldUK Resources

ComputerworldUK
Share
x
Open
* *