Well it looks like another black eye for Nasa.The laptop, which was not encrypted, was among dozens of mobile devices lost or stolen in recent years that contained sensitive information, the space agency’s inspector general told Congress today in testimony highlighting NASA’s security challenges.
“The March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station,” NASA Inspector General Paul K. Martin said in written testimony (PDF). Another laptop contained sensitive information on the NASA’s Constellation and Orion programs, as well as Social Security numbers, he said.
Some 48 agency devices were ether lost or stolen between April 2009 and April 2011, resulting in the unauthorized release of sensitive information such as personally identifiable information, third-party intellectual property, and export-controlled data. During 2010 and 2011, NASA experienced 5,408 computer security incidents that resulted in unauthorized access to systems or the installation of unauthorized software, costing the agency an estimated $7 million.
However, because the reporting system is voluntary, these numbers may not represent the full extent of the security threat, Martin said.
“NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files,” he said.