NewsFlash: Star Wars? —ISS Control Codes on Stolen NASA Laptop

 

           Iss_sts117_big

A laptop, which was not encrypted, was stolen from NASA last year contained command codes used to control the International Space Station, an internal investigation revealed. The laptop was among dozens of mobile devices lost or stolen in recent years that contained sensitive information, the space agency's inspector general told Congress today in testimony highlighting NASA's security challenges.
"The March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station," NASA Inspector General Paul K. Martin reported in written testimony about NASA's cybersecurity. Another laptop contained sensitive information on the NASA's Constellation and Orion programs, the Multi-Purpose Crew Vehicle (MPCV) being built for NASA's future manned spaceflight missions, he said.


"NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files," Martin added.Martin said in 2011 the agency was the target of 47 cyberattacks known as advanced persistent threats, which are executed by well-resourced individuals or groups intent on stealing or modifying information without being detected.

Of those attacks, 13 successfully compromised agency computers, Martin said. One such intrusion resulted in the theft of user credentials for more than 150 NASA employees that could have been used to gain access to agency computer systems.

Another such attack, which is the subject of an ongoing investigation, targeted the Jet Propulsion Laboratory in Pasadena, Calif. Intruders using China-based IP addresses "gained full access to key JPL systems and sensitive user accounts," Martin said. The intrusion, which went undetected for some time, gave the hackers "total control over systems" at JTL, which as NextGov.com noted operates the global Deep Space Network (DSN) that coordinates interplanetary spacecraft missions.

"Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft," Martin said.

The Daily Galaxy via cnet.com and pcworld.com

The March 'Twitter & Facebook' Competition –Win One of Three $200 Amazon Gift Certificates

error

"The Galaxy" in Your Inbox, Free, Daily