Posted on Friday, March 02 2012 @ 19:56 CET by Thomas De Maesschalck
A report by an inspector general assigned to inspect and diagnose security at NASA found that the space agency is way too easy on security. Between April 2009 and April 2011 at least 48 laptops and mobile devices were stolen from NASA employees, including systems with control codes to the International Space Station and other confidential data. As of February 1, as little as 1 percent of NASA laptops use encryption to protect secrets such as spaceship designs, control codes and third-party contractors' intellectual property. And more astoundingly, NASA computers rarely get updated, the agency lacks coherent device management and employees aren't authorized to apply software updates or are unaware of how to do so.
The net result is that everyone from amateurs up to seasoned foreign level actors appears to be victimizing NASA and its IT department. The worst incident described was the theft of the space station control codes, which were on an unencrypted laptop.
The IG didn't say exactly where that laptop might be today, leaving it unclear whether it even knows. Nor did it say what become of the other devices which contained employee (and astronaut) social security numbers, data on the Orion spacecraft design, data on the cancelled Constellation Program, "export-controlled, Personally Identifiable Information", and "third party intellectual property".
As for the ISS control codes, NASA engineers were forced to scrap parts of the station's software when they realized that security had been presumably completely compromised. As Mr. Martin puts it, there was "loss of the algorithms."
More details
at DailyTech.
