NASA Chief Reassures Lawmakers on IT Security

NASA is taking steps to prevent another security lapse like the one that caused unencrypted space station codes to leak when a NASA laptop computer was stolen, NASA Administrator Charles Bolden told a U.S. Senate panel March 7.

The stolen NASA laptop was among 48 mobile devices taken from the space agency between April 2009 and April 2011, according to the NASA Office of Inspector General. The laptop contained command-and-control codes for the international space station (ISS).

“I can take action there and I intend to do so,” Bolden told the Senate Commerce, Science and Transportation Committee during a NASA budget hearing. “I can make it a policy or re-emphasize the policy that when critical information is put on a laptop, it’s encrypted.”

Sen. Bill Nelson (D-Fla.) expressed worry that the agency was putting its assets at risk.

“NASA has been the subject of numerous cyber attacks,” Nelson said. “Skilled and committed cyber attackers could choose to cause significant disruption to NASA efforts.”

Yet Bolden said that despite the loss of the space station codes, the orbiting laboratory was never at risk.

“If in the unlikely event someone ended up with a laptop that had critical commands for the international space station, they would still have to get through another set of firewalls at the Johnson Space Center, because everything that goes to the international space station is encrypted prior to transmission,” Bolden said.

“Any command to the international space station goes through an elaborate encryption system.”

Still, senators were unhappy to hear that such sensitive information was not already being encrypted on all agency laptops, which they asserted is the case at most other government agencies.

“Why are only 1 percent of NASA laptops encrypted?” Nelson asked. “Why is NASA so far behind the rest of the government in securing the data on the rest of its devices?”

Bolden said he thought encryption was already the norm, but would take steps to look into the agency’s policy and make adjustments if needed.

“One of the things I’m doing is emphasizing to our employees that they have to be vigilant,” Bolden said.