In a statement given to a House committee on the security challenges facing NASA, Paul K. Martin said the computer was actually not an isolated incident but was in fact one of 48 taken between April 2009 and April 2011.
“The March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of algorithms used to command and control the International Space Station,” Martin said in his written testimony. “Other lost or stolen notebooks contained Social Security numbers and sensitive data on NASA’s Constellation and Orion programs.”
In 2010 and 2011, there were 5,408 computer security incidents at the space agency costing NASA an estimated $7 million.
“These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” Martin said.
Last year, NASA was the victim of 47 cyberattacks, with 13 of those attacks successfully compromising the agency’s computers. In one of those attacks, credentials for more than 150 employees were stolen.
Another attack involved Chinese-based IP addresses that gained full access to systems and sensitive user accounts at the Jet Propulsion Laboratory in Pasadena, Calif.
According to the Office of Management and Budget, a mere 1 percent of NASA’s portable devices and laptops have been encrypted this year.
“Until NASA fully implements an Agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft,” Martin said.