NASA inspector general Paul Martin testified before a House Science, Space and Technology subcommittee that a notebook stolen from the aeronautics company was unencrypted and contained codes to control the International Space Station. The system was one of 48 notebooks or mobile devices stolen from NASA over a two year period.
The notebook was reported stolen in March 2011 and resulted in the loss of algorithms used to command and control the International Space Station. Other stolen items have contained Social Security numbers and sensitive data on NASA’s Constellation and Orion programs.
The situation thickens as NASA can’t fully measure the amount of sensitive data compromised because the agency relies on employees to self-report data loss rather than maintaining and reviewing backups of said data. Even more alarming, as of February 1, 2012, only 1 percent of NASA portable devices / notebooks are encrypted.
The testimony was part of an extensive audit submitted to Congress earlier this week that highlights multiple IT-related issues. Martin notes that some NASA systems contain sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security or significantly impair the nation’s competitive technological advantage.
NASA says they spend more than $1.5 billion annually on IT-related activities which includes approximately $58 million for IT security. Even so, a May 2010 audit found only 24 percent of computers on a mission network were monitored for critical software patches and only 62 percent were checked for technical vulnerabilities.