Description of Driving Event:
Compromising of the current Data Encryption Standard (DES)
Lesson(s) Learned:
The recent compromising of the Data Encryption Standard (DES) suggests that the ISS command uplink may not be sufficiently protected.
Recommendation(s):
NASA should engage the National Security Agency to conduct a thorough evaluation of the level of protection provided by the current system and proceed as rapidly as feasible with its plans for a more secure encryption system for the ISS. Potential vulnerabilities of the ground elements of the system should also be assessed.
Evidence of Recurrence Control Effectiveness:
NASA concurs with the recommendation. The ISS Program Office has been working with the NASA HQ Security Office, the NSA and NIST to define an acceptable replacement for DES. The newly selected encryption standard for ISS is Triple-DES, as approved at the Avionics Software Control Panel on March 17, 1999.The target date to begin implementation is assembly flight 9A with completion at 13A.
Documents Related to Lesson:
N/A
Mission Directorate(s):
- Exploration Systems
- Space Operations
- Aeronautics Research
Additional Key Phrase(s):
- Aerospace Safety Advisory Panel
- Computers
- Flight Operations
- Security
- Spacecraft
Additional Info:
|
