Stolen NASA Laptop Contained Commands For International Space Station
In testimony before Congress today, NASA’s Inspector General discussed NASA’s IT security efforts, and discussed some of the attacks and thefts that have plagued the agency’s assets. Some of the numbers discussed are somewhat eye-opening, but it’s difficult to say whether NASA has a significant problem compared to other agencies, since NASA is a rare Federal agency that consistently monitors such incidents.
Among the highlights of the testimony, NASA reported that from April 2009 to April 2011, 48 mobile computing devices containing sensitive information were either lost or stolen. One stolen laptop contained algorithms that are used to command the International Space Station. Other contained information related to the Orion and Constellation manned spaceflight programs. The laptops were not encrypted, and the Inspector General commented that “Until NASA fully implements an Agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft.”
Surprisingly, most NASA assets aren’t encrypted. The Federal Agency average is about 54% of laptops or other mobile devices encrypted. The NASA rate is 1%.
The Inspector General also reported that there were 5,048 attacks on NASA’s computers in 2010 and 2011 that either resulted in unauthorized access to NASA’s systems or the installation of malware. Some of these incidents may have been related to organized crime or foreign intelligence services. In addition, NASA suffered 47 attacks by “Advanced Persistent Threats” (APTs), which are described as “groups that are particularly well resourced and committed to steal or modify information from computer systems and networks without detection.” Of those 47 attacks, 13 were successful.
One of those APT attacks, which is still under investigation, involved someone with Chinese IP addresses gaining complete access to systems at the Jet Propulsion Laboratory, including the ability to “(1) modify, copy, or delete sensitive files; (2) add, modify, or delete user accounts for mission-critical JPL systems; (3) upload hacking tools to steal user credentials and compromise other NASA systems; and (4) modify system logs to conceal their actions.”
Basically, whoever hacked the JPL could pretty much do anything with what they found there. Considering some of the work that gets done at the JPL, that could prove quite worrisome. Here’s hoping that this audit leads to improved security of NASA’s systems.