US COMPUTER STOLEN http://www.pcmag.com/article2/0,2817,2401020,00.asp

Laptop with ISS Command Codes Stolen from

 NASA in 2010

• By Damon Poeter
• February 29, 2012 09:49pm EST
• 2 Comments

 Share9  inShare3 0digg 

An unencrypted laptop stolen from NASA last year contained codes used to control the International Space Station (ISS), the space agency's inspector general told Congress on Wednesday in written testimony discussing NASA's cybersecurity—or lack thereof.

The March 2011 theft of the computer containing the ISS command algorithms was just one of "5,408 computer security incidents [in 2010 and 2011] that resulted in the installation of malicious software on or unauthorized access to [NASA] systems," Inspector General Paul Martin informed the U.S. House of Representatives.

Other laptops stolen during the period in question contained data related to Orion, the Multi-Purpose Crew Vehicle (MPCV) being built for NASA's future manned spaceflight missions. NASA reported "the loss or theft of 48 Agency mobile computing devices" between April 2009 and April 2011, Martin reported.

Such security incidents resulted in losses of more than $7 million, he said. NASA believes some IT security breaches in the past two years originated from amateur hackers and cybercriminals, but that others may have been the work of foreign agents.

The investigation of one network intrusion at NASA's Jet Propulsion Laboratory (JTL) turned up China-based network addresses, the site reported. The intrusion, which went undetected for some time, gave the hackers "total control over systems" at JTL, which as NextGov.com noted operates the global Deep Space Network (DSN) that coordinates interplanetary spacecraft missions.

In 2010 and 2011, NASA said it experienced 47 cyberattacks by well-heeled and skillful hacking operations known as "Advanced Persistent Threats," 13 of which succeeded in accessing computer systems before being detected.

NASA has a $1.5 billion annual IT budget, of which approximately $58 million is spent on IT security. But the space agency is way behind the curve when it comes to encrypting some of its most vulnerable IT assets. Federal agencies encrypt about 54 percent of their laptops and other mobile devices on average, but as of Feb. 1, 2012, NASA had only encrypted 1 percent of its own mobile systems.

The space agency is also deficient in routine IT upkeep, Martin told Congress.

"For example, a May 2010 OIG audit found that only 24 percent of applicable computers on a mission network were monitored for critical software patches and only 62 percent were monitored for technical vulnerabilities," he wrote. "Our detailed control test of this network identified several high-risk technical vulnerabilities on a system that provides mission support to manned and unmanned spacecraft."