A laptop stolen from NASA contains the control codes used to command the International Space Station.
The unencrypted laptop stolen last year is among dozens of mobile devices containing sensitive information that have been reported missing from the space agency, an internal investigation has found.
Giving testimony on the space agency's security issues, NASA Inspector General Paul K. Martin told Congress that 48 agency devices were lost or stolen over a two year period.
The mobile devices, which contained personable data, intellectual property, and highly sensitive export-controlled data, were stolen between April 2009 and April 2011, CBS News reported.
Over two years alone NASA was the victim of 5,408 computer security breaches that included unauthorized access to systems or the installation of unauthorized software. The incidents during 2010 and 2011 cost the space agency around $7 million.
Martin told Congress in written testimony: 'The March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station,'
Another stolen laptop contained classified information on NASA's space exploration Constellation and Orion programs and employees social security details.
These figures may be the tip of the iceberg, Martin said because the system for reporting lost data or devices is voluntary:
He said: 'NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files,' CBS News reported.
Fears: NASA Inspector General Paul Martin painted a bleak picture of security at the space agency
In 2011 NASA was the victim of 47 serious cyberattacks by individuals or groups attempting to steal information or gain access to systems, Martin said.
13 of these advanced persistent threats or (APTs) were successful including one attack in which system access codes for some 150 NASA employees were stolen.
Another attack on the Jet Propulsion Laboratory in Pasadena, Calif. stemming from China based USPs is still under investigation. Cyber thieves 'gained full access to key JPL systems and sensitive user accounts,' Martin said.
Martin painted a gloomy picture of security at NASA explaining while the rate of mandated encryption across government departments was 54 percent, just 1 percent of NASA portable devices are encrypted.
'Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft,' he said.
Read more: http://www.dailymail.co.uk/news/article-2108701/Stolen-NASA-laptop-contained-command-codes-CONTROL-International-Space-Station.html#ixzz1nugyJtb5
0 comments:
Post a Comment