According to the testimony during 2007 and 2008, NASA reported over 1100 realized exploits where non-authorized access was obtained on sensitive information and malicious code was installed on NASA systems.
The deficiencies present real and credible dangers to NASA personnel and their operations. With these exploits, the opportunity to access, modify, or delete "mission critical" information is quantifiable.
If true, Ms. Chaplain's provides a ray of hope for the embattled organization:
"The deputy administrator also stated that NASA will continue to mitigate the information security weaknesses identified. The actions identified by the deputy administrator, if effectively implemented, will improve the agency's information security program."It is typical for businesses and government organizations to be concerned about the integrity of their data, but few other scenarios could create a more tangible need for the availability and accuracy of their assets than in a multi-billion dollar venture where lives are at stake.
Let's hope that future news about NASA's IT Security is lauding their standing as an InfoSec role model rather than trying explain its role in a tragedy.