Stolen NASA Laptop Prompts New Security Rules
The space shuttle Atlantis launches on its last mission from NASA's Kennedy Space Center in Florida on July 8, 2011.
A "large number" of NASA employees may be at risk following the theft of an unencrypted agency laptop and several other documents from an employee vehicle. The theft has prompted the space agency to adopt new security procedures.
"We are thoroughly assessing and investigating the incident, and taking every possible action to mitigate the risk of harm or inconvenience to affected employees," Richard Keegan Jr., NASA's associate deputy administrator, said in a Nov. 13 email to all NASA employees.
"The Administrator is extremely concerned about this incident and has directed that all IT security issues be given the highest priority," Keegan said, referring to Charles Bolden Jr., NASA administrator since 2009.
Last year, NASA admitted that similar data breaches had resulted in the loss or theft of 48 portable electronic devices. Among the data compromised were International Space Station command-and-control codes and employees' personal information.
In one case very similar to the current one, a laptop was stolen in March 2011 from an employee's car at the Kennedy Space Center in Florida.
The latest breach, which occurred on Oct. 31, finally spurred NASA into action. The space agency has enacted new policies, including mandatory full-disk encryption for NASA-issued computers that go off the premises.
"This applies to laptops containing PII [personally identifiable information], International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) data, procurement and human resources information, and other sensitive but unclassified (SBU) data," Keegan said.
The new rules will apply to all laptops, regardless of what they contain, a statement said. Encryption on all NASA devices must be completed by Dec. 21.
In addition to the new encryption rules, NASA will forbid employees from storing sensitive information on mobile devices such as smartphones and tablets. All data not immediately required must also be deleted from local hard drives and stored on networked drives instead.
As of February, only one percent of NASA laptops were encrypted, Kaspersky's Threatpost security blog reported. The agency that was once at the edge of technological accomplishment and took us to the moon may have some catching up to do.
Follow Ben on Twitter @benkwx.