Bill remembers having discussions with a NASA official years ago that set off red flags with him regarding policies and processes (or rather the lack of them) on the NASA network.
I also had a chance to speak with folks from NASA a few years back. Actually I was not interviewing them for a press opp, but instead was looking at potential security business for StillSecure. Also back then I spent a lot of time speaking to folks at the DOE Labs like Los Alamos and some of the people from DOI and US Geological Survey.
All of these folks had somewhat of a common view towards information security and data security. They viewed themselves and what they do as scientists doing science. In their mind science is best done by sharing. Therefore the idea of “locking up” the data and making it hard for people to access was anathema to them.
If they think the whole idea of restricting access to the data is wrong, you can imagine how they feel about security. Why do they need it? They want people to be able to share and help advance the science.
While it is a noble view and I understand how they feel, obviously it does not take into account how some people in the world operate. The folks from NASA would never think that someone would actually want to blow up a shuttle. The USGS wants everyone to see the data from the seismic monitors they have on the bottom of the ocean. The scientists at Los Alamos, well lets leave that alone for now.
So I am not surprised to hear about NASA’s vulnerabilities either. It is a cultural thing in an agency with a scientific culture. It is up to the security folks there though to put the controls in place that will keep it all safe or science be damned.