Slashdot Mirror


User: AMuse

AMuse's activity in the archive.

Stories: 0
Comments: 201

Comments · 201

  1. Why doesn't NASA Just.... on NASA To Encrypt All of Its Laptops · · Score: 1

    An awful lot of people in this thread have quick and simple "just do this" solutions for NASA's data encryption challenges.

    NASA isn't your standard corporate environment - there are serious challenges to any "Just do X" solution. They DO need to encrypt everything but it's not a simple single-answer thing. They have to accommodate every scenario from "HR newbie with PII data in an office environment" to "Laptop collecting data on a C-130 as it flies through hurricanes" to "Laptops controlling robots in the desert during field tests simulating Martian environments".

    In many of those cases a laptop with broken encryption software means millions of wasted dollars if the experiment is a wash.

    In other cases NOT having crypto means serious secrecy issues.

    Anyway, there's no excuse for this loss but could we please stop pretending that NASA literally never considered DAR on mobile devices, and that simply doing {your favorite product} on everything would solve all the problems?

    Thanks....

  2. Re:i don't understand... on NASA To Encrypt All of Its Laptops · · Score: 1

    Wow, do you bring the servers with you when you go do field tests of your robot in the desert? Or on the plane when you're doing hurricane fly-through ops?

    Wait, you don't have those kinds of complexities in your corp? Interesting.

    I wonder if NASA is a really complicated and nuanced sort of place and how that might provide challenges for these sorts of seemingly trivial things.

  3. Re:Google's airport on Google Founder Offer $33M For Use of NASA Airship Hangar · · Score: 1

    Just to clarify for other readers, your post makes it sound like "NASA Doesn't do much" at NASA ARC.

    I work at ARC, and it's a wonderful research facility! In just my short time here I've been involved with groups doing pioneering work in computer science and robotics, supercomputing, avionics, aviation safety, cockpit design, UAVs (for science, not war!), earth science, biology, astrophysics, planetary discovery, and so much more!!

    NASA Kepler, which just found a "twin" earth (Google: Kepler 22-b) was begun here, and the science operations are still performed here.

    Quite a lot of great stuff comes out of NASA Ames, for a very small overall price tag.

  4. Re:Houston, we have a serious security problem... on Hack Targets NASA's Earth Observation System · · Score: 3, Insightful

    Hi all; I actually work for NASA as an IT Security guy.

    While I can't answer specifics about this incident, you should remember that a great many things done by NASA are "General Science", and the data output from them is specifically and consciously made public.

    It's possible that the FTP server is meant to be serving those files "to the public".

    Why FTP instead of SFTP? Usually when you choose to make data public to the world, you don't bother implementing crypto on the data. And just because it's available via FTP for distribution, does not mean insecure FTP was used to *place* the data on the server.

  5. Re:"What is a datacenter?" on Feds Discover 1,000 More Government Data Centers · · Score: 1

    You're quite right, actually. I didn't really want to go into all that detail with my post though, and knowing the "average" IT guy I think I'm still safe saying that they'd say "Hey, that should be in a datacenter!". ;)

  6. "What is a datacenter?" on Feds Discover 1,000 More Government Data Centers · · Score: 2, Insightful

    Before everyone gets all spun up on government waste, inefficiency, etc - I'd like to point out that numbers like these are never accurate. (For the record, I work for the feds, in the IT field).

    The problem with "The feds have X datacenters" as a metric is that various audits occur at different times and by different auditors. These auditors almost always have differing definitions for what a datacenter actually is.

    In one audit, a group can come through and define "Datacenter" as a big room where servers are co-located and services run on behalf of others. They'll find 2 at my center. Then a year later, a different group comes in and defines "Datacenter" as anywhere that more than 5 computers are running and left on all night. They'll find 200 at my center. Yes, this actually happened! The auditors came through dozens of science labs, found project servers sitting in the labs, and labeled each lab a datacenter.

    Now here is the trick to why the statistics are complete mush. A normal IT guy would walk through the lab and say "Hey, that server should be in a datacenter!" -- but the auditors make the reverse conclusion. "Hey, this lab is a datacenter".

    Yes, there is waste in the federal sphere and we absolutely need to take action to be more efficient at all levels. However, this article is basically pushing a number that came from someone's imagination, and pretending it's meaningful.

  7. Re:Firefox/Chrome extension? on Microsoft's Ad Team Trumps IE Developers' Privacy Aims · · Score: 1

    Duh, how could I not think of a prompt + whitelist. :P

    Then again, that presents the "NoScript" problem. While techies generally tend to use noscript, I pretty much see non-techies clicking "Temporarily allow all this page" on every page they visit that "doesn't work right" without even looking at the URL lists. So, a prompt to whitelist content would probably just get the same treatment. Better than status quo I suppose, but not a panacea either.

  8. Re:Firefox/Chrome extension? on Microsoft's Ad Team Trumps IE Developers' Privacy Aims · · Score: 1

    Wouldn't this feature also kill things like OpenID and other "Single Sign On" services?

  9. Re:Adobe -- you are wearing no clothes! on Adobe Calls Out Apple With Ads In NY Times, WSJ · · Score: 4, Funny

    If one strace's the chrome flash plugin process one discovers that in 10 seconds it issues 56,000 system calls -- 53,000 (95%) of them are useless gettimeofday() calls

    Per my co-worker: That's probably why flash sucks so bad on MacOS. Apple won't give them the time of day!

  10. Re:Saw Stop is great on Company Sued, Loses For Not Using Patented Tech · · Score: 3, Informative

    One of the well documented problems is that if you cut wood that is "too wet" then the brake will activate, thinking that it's hit flesh.

    So really the article should say "Each time you cut wood that's too damp (which you have no way to determine beforehand) you pay $169 to replace the blade and brake". That puts into focus why some woodworkers who know how to be careful do not WANT the safety feature.

  11. Re:Simulation of the results follows on Simulated Hack To Test US Government Response · · Score: 1

    Sounds like an excellent idea for foreign espionage. Set up a private shell company, then invite a bunch of former officials who know exactly how the real systems work, to get together in a hotel you've bugged and start pretending they're responding to a cyber attack of some sort.

    Official1: "Call the NSA Task force Orange, tell them to begin operation Stork."
    ForeignAgent: (making notes) "Operation Stork.... NSA... means X..."

  12. Re:First, be a foreigner on How To Get a Job At a Mega-Corp · · Score: 1

    FYI, NASA does not have a pension plan and has not for years. Lately, we're all on the "TSP" - Thrift Savings Plan. It's the government equivalent of the 401k.

  13. Re:Is NASA suffering from mission creep? on NASA Nebula, Cloud Computing In a Container · · Score: 2, Interesting

    There's another important factor in the paranoia about data breaches and risk that's often VERY overlooked.

    As part of the chain of responsibility, the CIO community (the individual CIOs at the 11 NASA centers, and the federal CIOs in general) are very risk-averse. Why might that be? Well, in addition to the normal slamming your agency has to endure if there's a data/privacy breach, the CIOs and decision makers may also be civilly or criminally liable for negligence if it can be shown that they were permitting workplace practices that went against federal regulations. A few CIOs that I know are actually carrying personal liability insurance (out of their own pockets) to cover themselves in case such accusations are leveled.

    Now, imagine you're the person tasked with pushing the envelope technologically (Hey, it's what NASA does) but the only thing your bosses ever remind you of is that it's your ass on the line if anything is ever breached, inappropriately stored or transmitted, etc -- and that fines and jail time aren't out of the question. That's enough to make someone pretty risk-averse!

  14. Re:Is NASA suffering from mission creep? on NASA Nebula, Cloud Computing In a Container · · Score: 2, Informative

    To follow up on this (Disclaimer: I am a NASA employee), NASA and other federal agencies are prohibited by policy and law from transmitting or storing many of our data types on non-government owned hardware and networks. (Transmitting of course can be done if it's tightly encrypted). Processing our data on private servers is strictly prohibited in many cases.

    The most frequently cited laws and policies which dictate this are FISMA and OMB M-06-16, but there are many others. Employees are even prohibited from doing team collaboration with things like Google Docs, because information which is not yet deemed to be sensitive (say, an immature design for a propulsion system) might become very sensitive, and once it's "out" it is out for good.

    Like it or not, there's a lot of other countries with developing missile programs, communications programs and many other technologies which have dual civilian and military use, and NASA is charged by congress with keeping technology that may have military applications out of foreign hands.

    If Nebula is able to perform as well as clouds such as EC2 and the like, and allow NASA and other federal agencies to do cloud style processing within the government sector, it could save HUGE amounts of taxpayer money that's otherwise legally obligated to be "Wasted".

  15. Re:Well, then... on Should You Be Paid For Being On Call? · · Score: 1

    I'm an IT Security guy, and am part of a union. Our parent organization is the IFPTE -- International Federation of Professional Trade Engineers. I'm sure you could contact them about unionization at your workplace if you think you need to organize.

  16. Soekris Net5501 + m0n0wall on Home Router For High-Speed Connection? · · Score: 1

    I've had fantastic luck with m0n0wall on a Soekris Net5501 box - The hardware was basically built for routing, switching and firewalling and m0n0wall is a great distribution.

    Hit www.soekris.com for info on the products. (I have no financial connection whatsoever, just a satisfied customer)

  17. Re:You can't teach people who don't want to learn on Easing the Job of Family Tech Support? · · Score: 2, Insightful

    Sounds like you both enjoy poking fun at each other and bickering about inconsequential things. Assuming this doesn't rise to the level of genuine arguments (like couch guy below) I say it sounds like a normal and healthy relationship. Just thought you might appreciate the thought after all the other comments soon to follow.

    (5 year wedding anniversary 2 weeks ago, goin' on 9 years together, bicker like it's been 80)

  18. Re:here's where we get to hear someone spew on Easing the Job of Family Tech Support? · · Score: 1

    I hate to say it and fuel the flames, but I also got my wife a Mac. Then her parents got one, and my parents both got them. Know what? My tech support load dropped significantly and they're really happy their machine doesn't give them problems anymore.

  19. Re:Good on iPhone Straining AT&T Network · · Score: 1

    This whole "iPhones are an ungodly sum" meme is getting old. Have you priced out a smartphone vs an iphone lately?

    My iPhone w/ 3G service is costing me $50/month LESS than a Palm Treo 755 w/ Verizon that I just gave up to make the switch. Same minutes, same texts, MMS is no skin off my teeth since the data unlimited gives me twitter/facebook to send photos instead.

  20. Re:You know why Amazon charges that much? on Build Your Own $2.8M Petabyte Disk Array For $117k · · Score: 1

    Ouch! Generally we use interns and junior staff to watch over the techs on the floor. This policy stands mainly because it's not just Sun coming in to maintain Sun equipment, it's a vast range of vendors and suppliers. A/C guys to come change the A/C filters, fire guys to check the fire system, electrical guys, safety guys, structural guys for earthquake checks... you get the picture! Quite a lot of those folks are NOT at all capable of knowing not to (for example) lay a big plastic sheet across the air intake to a cooling system while they're trying to inspect the fire sprinklers.

    Even our junior staff may not know the specifics of the board being replaced in the E4k by the Sun guy - but they've had datacenter care and respect driven into their skulls by the time they've been there a month, so they can keep watch.

  21. Re:You know why Amazon charges that much? on Build Your Own $2.8M Petabyte Disk Array For $117k · · Score: 1

    Perhaps it's moronic to have a key and highly paid staff member watching over a tech in the datacenter, but I never said we had to have it be a highly paid senior person. We generally have our interns and junior folks supervise tech staff. They're not there to supervise the tech in their area of expertise, they're there to keep watch over the tech so they STICK to that area and don't accidentally muck up the rest of the datacenter.

  22. Re:You know why Amazon charges that much? on Build Your Own $2.8M Petabyte Disk Array For $117k · · Score: 1

    It's not an issue of not having cameras in the datacenter (we do), but an issue of having someone right there to -prevent- the tech from doing anything stupid. "Hey, watch out, don't plug your cell phone recharger into that protected outlet" for instance. Security cameras can help you write the incident report after your outage and possibly prosecute malice, but that's not much comfort. The outage has been had, the damage has been done.

    The technicians sent out by support contractors aren't familiar with the potential pitfalls of your datacenter, and often aren't even competent at anything beyond the exact task they're being sent out to do. Electrical guys repairing a UPS battery could easily decide that shutting off the power "just for a second" is an acceptable thing to do, and security cameras are no substitute for supervision.

  23. Re:You know why Amazon charges that much? on Build Your Own $2.8M Petabyte Disk Array For $117k · · Score: 1

    It's great having someone tell you they will be there in three hours to replace your power supply, that you then have to dedicate a staff person to be with when they go out on the shop floor because some moron in security requires it.

    Not to pick apart your comments too much, but I wouldn't allow a support (sub) contractor unrestricted access to the floor of our datacenter; there's too much they can accidentally screw up and then claim it wasn't them because no one was looking. If they're given permission to be on the floor with an open rack to do maintenance, someone should be watching them. I don't think that qualifies as moronic.

  24. NANOG comments... on Major ISPs Seek To Lower Broadband Definition · · Score: 2, Insightful

    There was just recently a large discussion about this topic on NANOG. The mailing list archive where the thread begins can be found here: http://www.merit.edu/mail.archives/nanog/msg20241.html

    Gee, I wonder why Verizon would think that consumers don't need VOIP? Perhaps competition has something to do with it...

  25. Why not in the IN TXT field? on Suitable Naming Conventions For Workstations? · · Score: 1

    I assume you're talking about the DNS names, so why not embed all that useful information in the IN TXT field, where the DNS RFC states that such information should be, and provides a huge dataspace in which to put it?