Stolen NASA laptop had Space Station control codes… and no encryption for supervillains to crack!

I suspect this may be just about the highest profile incident of laptop security negligence we have experienced to date. For the full article please follow this link:

http://www.theregister.co.uk/2012/03/01/nasa_stolen_laptop_unencrypted/

In another article on the BBC website reporting on NASA security breaches it was claimed that:

The agency suffered “5,408 computer security incidents” between 2010 and 2011.

Between April 2009 and April 2011, NASA reported the loss or theft of 48 Agency mobile computing devices.

This particular lost unencrypted notebook computer contained details of the algorithms – the mathematical models – used to control the International Space Station.

http://www.bbc.co.uk/news/technology-17231695

NASA told the BBC that “at no point in time have operations of the International Space Station been in jeopardy due to a data breach”. A bold claim indeed!

Considering the availability and low cost of encryption solutions to avert this type of risk it is almost unbelievable that such a “target-rich environment for cyber attacks” as NASA should be so reckless in their security procedures.

This should serve as a timely reminder for any custodian of critical data, particularly those with legal and regulatory compliance mandates to fulfil. Unfortunately it seems security is considered a “nice to have” in many industry sectors with other commitments taking priority. Of course this sort of thing won’t happen to you, will it? Maybe a fine of £500,000 from the Information Commissioners’ Office will help to focus the mind.