According to the findings of an internal investigation, a laptop stolen from NASA last year contained International Space Station command codes, a potentially devastating finding.
The laptop had no encryption either, and is just one of many devices lost or stolen in the past few years from NASA which contained sensitive info.
Says NASA Inspector General Paul K. Martin: "The March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station."
All in all, 48 agency devices were stolen or lost between April 2009 and April 2011. Most of the devices contained personal info, third party IP and other sensitive info. Additionally, in 2010 and 2011 NASA "experienced 5,408 computer security incidents that resulted in unauthorized access to systems or the installation of unauthorized software, costing the agency an estimated $7 million," says CBS.
The numbers, while shocking, may not, be the full extent either: "NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files."
Says NASA Inspector General Paul K. Martin: "The March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station."
All in all, 48 agency devices were stolen or lost between April 2009 and April 2011. Most of the devices contained personal info, third party IP and other sensitive info. Additionally, in 2010 and 2011 NASA "experienced 5,408 computer security incidents that resulted in unauthorized access to systems or the installation of unauthorized software, costing the agency an estimated $7 million," says CBS.
The numbers, while shocking, may not, be the full extent either: "NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files."