Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

NASA scrambles to encrypt laptops after major breach

Jaikumar Vijayan | Nov. 15, 2012
NASA is scrambling to implement full disk encryption on agency laptops after one containing unencrypted personal information on a "large" number of people was recently stolen.

NASA's new measures appear intended to blunt criticism of the latest data breach.

The agency has been criticized in the past for lacking strong measures to protect sensitive data. In February , NASA Inspector General Paul Martin criticized the agency for lagging "far behind other federal agencies" in protecting data on agency laptops.

In testimony before the U.S. House of Representatives, Committee on Science, Space and Technology, Subcommittee on Investigations and Oversight, Martin noted that NASA had reported the loss or theft of 48 mobile computing devices between April 2009 and April 2011. Some of the incidents resulted in unauthorized release of sensitive data, Martin had noted. (The full report is available here).

In his testimony, Martin pointed to the March 2011 theft of an unencrypted notebook computer that resulted in the exposure of algorithms used to command and control the International Space Station. In another incident, sensitive data on NASA's Constellation and Orion programs were similar compromised when a laptop containing the data was stolen.

"NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the Agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files," Martin testified.

"Until NASA fully implements an Agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft," he added.

 

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.