NASA is the target of some scary hacks and and digital espionage. But if someone out there has control codes to the International Space Station, it might be because the laptop of some NASA knucklehead was stolen, and it didn't have any of the data encrypted.
According to testimony given to the House Committee on Science, Space and Technology, a laptop stolen in March of last year "resulted in the loss of the algorithms used to command and control the ISS". And apparently at least 48 laptops and mobile devices were lost or stolen between April 2009 and April 2011.
Even though the devices had sensitive information—data on the Constellation and Orion programs, social security numbers, non-NASA research—there is no agency-wide encryption policy for devices. In fact, no one even keeps track of what data is on the devices, so if an employee loses a phone with secure information on it, the only way NASA finds out is if the employee fesses up.
Look, we know a thing or two about losing laptops, and encryption is one of the simplest things you can do to secure your data. That NASA, home to some of the smartest nerds in the world, doesn't have an encryption policy is kind of astonishing. Especially considering how frequently it's the focus of cyber attacks. So let's see about getting some encryption software for those laptops, eh gentlemen? [House of Representatives via The Register]