Watchdogs at the Government Accountability Office issued a pretty much ripping the space agency’s network security strategy stating that NASA has significant problems protecting the confidentiality, integrity, and availability of the information and variety of networks supporting its mission centers.

NetworkWorld Extra: 10 NASA space technologies that may never see the cosmos

Specifically, NASA did not consistently implement effective controls to prevent, limit, and detect unauthorized access to its networks and systems. The GAO said NASA did not identify and authenticate users; restrict user access to systems; encrypt network services and data; protect network boundaries; and t and monitor computer-related events. The GAO said NASA networks and systems have been successfully targeted by cyber attacks 1,120 times in the past two years. All of this despite the fact that the agency’s IT budget in fiscal year 2009 was $1.6 billion, of which $15 million was dedicated to IT security, the GAO stated.

Because NASA’s high profile and cutting edge technology makes it an attractive target for hackers seeking recognition, or for nation-state sponsored cyber spying. Thus, it is vital that attacks on NASA computer systems and networks are detected, resolved, and reported in a timely fashion and that the agency has effective security controls in place to minimize its vulnerability to such attacks, the GAO stated.

The agency relies on computer networks and systems to collect, access, or process a significant amount of data that requires protection, including data considered mission-critical, proprietary, and/or sensitive but unclassified information. For example, the agency-wide system controlling physical access to NASA facilities stores personally identifiable information such as fingerprints, Social Security numbers, and pay grades.