(LiveHacking.Com) – Keeping software up to date, installing firewalls and using intrusion detection systems are all excellent ways to boost security; however, little can be done to tackle the human error aspect. A few days ago NASA employees were told of a laptop theft from a locked car in an email message from Richard Keegan Jr., associate deputy administrator at NASA.
It turns out that the laptop held personally identifiable information of “at least” 10,000 NASA employees and contractors. The laptop was password protected; however, it did not use disk encryption. This means that the information on the laptop is easily accessible to the thieves. NASA is working with data breach specialist ID Experts, who will be providing identity theft monitoring services to the individuals at risk. NASA will be picking up the bill for ID Experts’ help.
Now NASA has ordered that all laptops must be encrypted and, until the process is complete, staff are not allowed to remove NASA laptops containing sensitive information from any of its facilities. With immediate effect, laptops containing information about the international sale or transport of weapons, nuclear equipment or other materials are only allowed to leave NASA if the relevant data is encrypted. Also included in the category of sensitive data is any information about NASA’s human resources.
Computerworld spoke with John Pescatore, an analyst with Gartner Inc., who said that “the compromise isn’t surprising considering that NASA has the lowest portable device encryption rate among all federal agencies. According to a report released in March by the White House Office of Management and Budget, only 41% of NASA-owned portable devices meet the encryption requirements of the Federal Information Security Management Act (FISMA).”
According to the BBC, NASA was warned in 2009 that it was not taking enough steps to sufficiently protect information and had reported the loss or theft of 48 of its mobile computing devices between April 2009 and April 2011.
NASA’s chief information officer, Linda Cureton, who gave the order to encrypt, says she wanted the maximum possible number of laptops to be encrypted by this week and has set a target that all laptops will be encrypted within a month. Employees have also been banned from storing sensitive data on mobile phones, tablets and other portable devices.
“Some NASA systems house sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security, or significantly impair our Nation’s competitive technological advantage,” said Paul K. Martin, Inspector General, National Aeronautics and Space Administration, in testimony given in February. “In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems.”