Highlights include the loss of the International Space Station’s control codes to laptop theft. Whoops.
A lifelong diet of sci-fi movies and space-based novels has inculcated a certain sense of NASA’s invulnerability in various regions of our dear geekdom. A feeling, perhaps, that the agency is more Battlestar Galactica than NCIS (do click the latter link if you haven’t had a laugh yet today. It’s amazing).
Sadly, security at the agency isn’t as tight as its image would like it to seem. In a written briefing to Congress this week, NASA Inspector General Paul Martin gave details of the 5,408 security lapses which occured at the space agency in 2010 and 2011. Some were small, some were medium, some were nascent diplomatic incidents which resulted in arrests across international borders. For a full accounting, you can read Martin’s whole testimony here.
Select highlights of the document include tales of theft, such as when someone stole a laptop which NASA had been using to store the command and control algorithms for the International Space Station. Other instances of laptop thievery included the loss of personal information and data relating to various projects including Constellation and Orion.
There are tales of international hacking too, such as when a group of hackers using Chinese IP addresses managed to take full control of the networks inside NASA’s Jet Propulsion Laboratory and spend some time wearing out the “ctrl”, “c”, and “v” keys on their keyboards.
All told, these losses cost the agency an estimated $7 million over the two years.
“NASA needs to improve agency-wide oversight of the full range of its IT assets,” wrote Martin. “Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft.”
Martin continues, “[At time of writing] NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files.”
So that might be the first thing to fix, Inspector General. While the document notes that NASA’s position as an agency for national edification on all things space makes it an especially porous and attractive target for hackers and thieves, it also notes that such a high volume of breaches is unacceptable for an agency like NASA. We have to get to Mars, guys. What if you get there and then find that someone’s hacked your space-computers and replaced the landing codes with reruns of Friendship is Magic dubbed in Mandarin? I mean you’d be entertained on the ride home, sure, but still…