NASA security audit failings highlight the need for IT security education says Infosecurity Europe show organisers
April 2011 by Infosecurity Europe
As reports emerge that an audit of NASA’s IT resources has revealed that the space giant’s computer systems are at risk of cyber-attack, Claire Sellick, Event Director with Infosecurity Europe, says that this illustrates that almost every IT manager has something to learn on the security front.
"According to an audit carried out by the US Office of the Inspector General (OIG), six servers were found to be potentially open to defacement attacks, denial of service attacks and plain old information stealing attacks," she said.
"What this teaches us is that, regardless of the level of technical expertise - and you would expect the skills of NASA’s IT professionals to be second to none - no one organisation can be expected to be truly confident that their IT systems are protected against the latest hybridised attacks," she added.
According to Sellick, what was revealing about the NASA audit was that the six server-based systems found to be wanting on the security front were apparently responsible for some of the most critical operations at the space agency.
It was also, she explained, interesting to note that certain other vulnerabilities in servers could expose encryption keys, encrypted passwords, and user account information to potential attackers.
Although there will be a touch of Schadenfreude for any IT security professional reading about NASA’s security audit, it is clear that, against a rising tide of new daily and zero-day threats that even the largest IT security vendors are having trouble keeping up with, today’s technology professional really does need all the help they can get to stay ahead of the cybercriminals.
Sellick, whose team has been busy putting the finishing touches to the plans for the Infosecurity Europe Show, which will be held at Earls Court, London, on 19-21 April 2011 (www.infosec.co.uk), said that the NASA security shortcomings show how critical education is in the IT industry.
This is, she says, one of the reasons why, as organisers of the show, her team has spent a lot of time and effort in developing a free show education programme that is unrivalled in the industry.
"Central to this programme will be a roster of events in the Keynote Theatre, supplemented by parallel sessions in the Business Strategy Theatre and the Technical Theatre," she said.
Highlights of the Keynote Theatre, which address the security issues and pressures that organisations face in an increasingly mobile and global working environment, will include a presentation - entitled `Advanced Persistent Threats - Hype Or Reality’ - that will look at this newly-discovered, but potentially serious problem for IT security professionals.
The discovery of APTs was first reported in October 2010. Since that time, a handful of vendors have conducted research in the area, which has led to the discovery of more than 100 threats.
Over in the Business Strategy Theatre, meanwhile, there is a wide range of sessions taking place over the three-day event.
Sessions lined up with the show include the `Dangers of Laptops, Smartphones & Social Media to Enterprise Security’ and `Do You See What I See? - Controlling Data Accessed Via Web-Based Applications.’
The Technical Theatre, meanwhile, has an equally interesting and informative range of sessions lined up including `Cybercrime Is Happening All The Time - The Real World View Of Organised e-Crime’ - which will explain why criminals can make more money from electronic crime than their traditional, and equally nasty, physical robberies.
Penetration testing also comes into focus with a topical session hosted by Peter Wood, CEO of First Base Technologies, a pen testing specialist, whose session `Security Testing In An Age Of Austerity’ will explain some of the issues that he and his team have encountered in their travels.
"These sessions - all of which are free to all attendees - are designed to offer the very best in IT security education. And as the widely reported NASA security audit failing so very clearly shows, it is nearly impossible task to make your IT systems 100 per cent resilient against external attack," said Sellick.
"What our free show educational sessions will allow, however, is to bring any IT security professional quickly and efficiently up to speed on the latest threats - and solutions to those threats - allowing them to return to the workplace, ready to develop their own advanced security strategies," she added.
"And in this way, they will be able to not only reduce the risk of a successful attack on their organisation’s IT resource, but also to enhance their overall security posture, which is an excellent result for a day or two spent at the Infosecurity Europe 2011 show."