Computer Security: Unauthorized Access to a NASA Scientific Network

IMTEC-90-2 Published: Nov 13, 1989. Publicly Released: Dec 18, 1989.

Highlights

Pursuant to a congressional request, GAO reviewed the National Aeronautics and Space Administration's (NASA) Space Physics Analysis Network (SPAN), focusing on: (1) SPAN characteristics; (2) instances of unauthorized use of the SPAN system; and (3) steps NASA took to minimize unauthorized SPAN use.

Recommendations

Recommendations for Executive Action

Agency Affected	Recommendation	Status
National Aeronautics and Space Administration	The Administrator, NASA, should ensure that a risk analysis of SPAN is performed and documented. On the basis of this analysis, NASA, in cooperation with SPAN users, should develop an approach for ensuring that the security measures resulting from the risk analysis are implemented by SPAN managers and users. In this regard, NASA should continue to report the computer security area as a material internal control weakness in this year's report to the President and Congress, and discuss the actions that will be taken to correct the weakness.	Closed – Implemented A risk management plan has been prepared and is being implemented.

Full Report

Full Report (19 pages)

Office of Public Affairs

Chuck Young

Managing Director

youngc1@gao.gov

(202) 512-4800

Topics

Information Security

Aerospace researchComputer crimesComputer equipment managementComputer networksComputer securityComputer security incidentsConfidential communicationsHackersInformation systemsPhysical sciencesReporting requirementsUnauthorized access