Information Warfare: October 26, 2002

Archives

NASA has always had the most enlightened and capable attitude towards its cyberwar vulnerabilities. With over 120,000 computers on the net, they have a lot to be concerned about. As hacker attacks have increased over the past few years, and a growing number of vulnerabilities are found in Internet software, NASA managers noted that system administrators were unable to keep up with all the required patches to their servers. There was simply too much work for too many people. This was a common situation with government computer systems, since civilian firms can offer better pay and management than the government can. But NASA decided to take an engineers approach to the problem (NASA management has long been dominated by engineers who worked their way up the ranks.) A more thorough hack attack reporting system was installed and the different attacks were ranked by frequency. NASA then ordered their beleaguered systems administrators to concentrate on patching the 24 most common vulnerabilities. In the last two years, there have four lists of the "24 most common vulnerabilities" and NASA kept score of which of it's ten field offices got their systems patched first (to add a competitive angle.) As a result, NASA has some of the most secure computers in the entire U.S. government. But NASA is one of the few government agencies with a lot of technically trained people in management and it's uncertain if the NASA approach can be used elsewhere.