Nasa to encrypt data after latest breach

Nasa is to encrypt all its mobile computers after the loss of a laptop containing personal information about more than 10,000 staff

US space agency Nasa is to encrypt all its mobile computers after the loss of a laptop containing personal information about more than 10,000 employees and contractors.

Until the encryption process is complete, staff members are forbidden to remove Nasa-issued laptops containing sensitive information from its facilities, according to the BBC.

This is the latest in a series of data breaches involving unencrypted laptops at Nasa in recent years and comes just eight months after the theft of a laptop containing personal information of 2,300 employees and students.

At the time, Nasa administrator Charles Bolden told the US House Appropriations Committee Subcommittee on Commerce that that he was going to sign a directive ordering all portable devices to use encryption, after acknowledging the agency was "woefully deficient" when compared with other government departments.

Other recent incidents include the loss of laptops containing algorithms used to command and control the International Space Station and sensitive data on Nasa's Constellation and Orion programmes.

Between April 2009 and April 2011, Nasa reported the loss or theft of 48 of its mobile computing devices according to the Nasa Watch blog, which has previously criticised the agency over data losses.

It emerged this week that at the end of October, a laptop was stolen from a locked vehicle of a Nasa employee at the organisation’s headquarters in Washington DC.

Nasa said the laptop was password protected, but admitted the information might still be accessible because it was not encrypted.

Read more about encryption:

Full-disk encryption can save IT grief from lost laptops

HMRC deploys Becrypt off-the-shelf encryption

Microsoft encryption key deadline approaching

CertiVox enables Outlook encryption

Self-encrypting drives: What's holding back SED hard drive encryption security?

Self-encrypting drives: SED the best-kept secret in hard drive encryption security

The agency has told employees to be cautious about any phone calls, emails, and other communications from individuals claiming to be from Nasa or other official sources that ask for personal information or verification of it.

An agency-wide email published by news site Spaceref also said that because of the amount of information that must be reviewed,  it may take up to 60 days for those affected by this breach to be identified and contacted.

Nasa's chief information officer, Linda Cureton, has ordered that all agency laptops be encrypted within a month.

In addition employees have been banned from storing sensitive data on mobile phones, tablets and other portable devices.

Terry Greer-King, UK managing director for security firm Check Point, said the fact that this latest breach comes so soon after a similar incident in March, proves that enforcing good data security is an ongoing, rigorous process. 

“By its own admission, only 1% of Nasa laptops and portable devices were encrypted as at February 2012, compared with a US government-wide encryption rate of 54%,” he said.

According to Greer King,  a Check Point survey of more than 300 UK public and private sector organisations in November 2011 revealed that only 52% encrypted their laptops. 

“This shows there is still a long way to go before the data held on government and corporate laptops is truly secure,” he said.

Read more on Endpoint security

Data Center
Data Management