IT/Web: July 2014 Archives

Hacker Breached NOAA Satellite Data From Contractor's PC, NextGov

"National Oceanic and Atmospheric Administration satellite data was stolen from a contractor's personal computer last year, but the agency could not investigate the incident because the employee refused to turn over the PC, according to a new inspector general report. This is but one of the "significant security deficiencies" that pose a threat to NOAA's critical missions, the report states. Other weaknesses include unauthorized smartphone use on key systems and thousands of software vulnerabilities."

Significant Security Deficiencies in NOAA's Information Systems Create Risks in Its National Critical Mission, NOAA

"We found that (I) information systems connected to NESDIS' critical satellite ground support systems increases the risk of cyber attacks, (2) NESDIS' inconsistent implementation of mobile device protections increases the likelihood of a malware infection, (3) critical security controls remain unimplemented in NESDIS' information systems, and (4) improvements are needed to provide assurance that independent security control assessments are sufficiently rigorous."

Audit of the Space Network's Physical and Information Technology Security Risks, NASA OIG

"With regard to physical and IT security, we found NASA has not ensured security controls are in place on certain wide area network infrastructure, needs to clarify waiver requirements for IT security controls and mitigations, and should take additional steps to ensure that long-standing physical security risks are addressed. We also found that the Space Network is not using NASA's Agency Consolidated End-User Services (ACES) contract to obtain administrative computers and associated end-user services and therefore may be spending more than necessary for equipment and services without realizing the operational and security benefits of systems provided through ACES."

NASA OIG: NASA's Independent Verification and Validation Program

"We found that by continuing to occupy and maintain the West Virginia facility, NASA is paying more than necessary in O&M expenses, which leaves the Agency with less funding to perform actual IV&V services on NASA software projects.  We estimated the Agency could save as much as $9.7 million between FYs 2015 and 2018 if the IV&V Program took steps to reduce costs associated with the facility. In order to make additional funds available for review of mission-critical software, we recommended NASA analyze alternatives for reducing occupancy costs associated with the facility, including abandoning the facility and moving staff to an existing NASA Center or relocating the staff to a nearby office building that would cost significantly less. We determined that NASA was not legally obligated to pay O&M expenses associated with the building it currently occupies, but rather has chosen to pay these expenses over the last 20 years.  In our judgment, continuing this arrangement does not make fiscal sense for NASA, particularly when the Agency has more projects needing IV&V services than the current budget can accommodate."

NASA OIG: Security of NASA's Publicly Accessible Web Applications

"NASA Inspector General Paul K. Martin released a report today evaluating NASA's effort to safeguard its Internet-accessible web applications. These applications consist of hundreds of websites NASA uses to share scientific information with the public and collaborate with research partners, as well as login portals and administrative systems that provide authorized personnel with remote access to Agency IT resources."


Loading

 



Monthly Archives

About this Archive

This page is an archive of entries in the IT/Web category from July 2014.

IT/Web: May 2014 is the previous archive.

IT/Web: August 2014 is the next archive.

Find recent content on the main index or look in the archives to find all content.