NASA to Beef Up Cybersecurity After Laptop Computer Theft
The International Space Station is featured in this image photographed by an STS-133 crew member on space shuttle Discovery after the station and shuttle began their post-undocking relative separation on March 7, 2011.
Credit: NASA

NASA is taking steps to prevent another security lapse like the one that caused unencrypted space station codes to leak when a NASA laptop computer was stolen, the space agency's chief Charles Bolden told Congress Wednesday (March 7).

The stolen NASA laptop was among 48 mobile devices taken from the space agency between April 2009 and April 2011, the agency's Inspector General office announced on Feb. 29. The laptop contained command and control codes for the International Space Station (ISS).

"I can take action there and I intend to do so," Bolden told the U.S. Senate's Commerce, Science and Transportation committee Wednesday (March 7). "I can make it a policy or reemphasize the policy that when critical information is put on a laptop, it's encrypted."

Senator Bill Nelson (D-Fla.) expressed worry that the agency was putting its assets at risk.

"NASA has been the subject of numerous cyber attacks," Nelson said. "Skilled and committed cyber-attackers could choose to cause significant disruption to NASA efforts."

Yet Bolden said that despite the loss of the space station codes, the orbiting laboratory was never at any risk.

"If in the unlikely event someone ended up with a laptop that had critical commands for the International Space Station, they would still have to get through another set of firewalls at the Johnson Space Center, because everything that goes to the International Space Station is encrypted prior to transmission," Bolden said. "Any command to the International Space Station goes through an elaborate encryption system."

Still, senators were unhappy to hear that such sensitive information wasn't already being encrypted on all agency laptops, as is the case with most other government agencies, they asserted.

"Why are only 1 percent of NASA laptops encrypted?" Nelson asked. "Why is NASA so far behind the rest of the government in securing the data on the rest of its devices?"

Bolden said he thought encryption was already the norm, but would take steps to look into the agency's policy and make adjustments if needed.

"One of the things I'm doing is emphasizing to our employees that they have to be vigilant," Bolden said.

The administrator promised to make a full report to the Senate committee after reviewing a pending report on the issue.

You can follow SPACE.com assistant managing editor Clara Moskowitz on Twitter @ClaraMoskowitz. Follow SPACE.com for the latest in space science and exploration news on Twitter @Spacedotcom and on Facebook.