A laptop stolen from NASA last year contained security and control codes for the International Space Station, NASA Inspector General Paul Martin told a House subcommittee on Wednesday.
The unencrypted laptop resulted in the loss of the algorithms used to control the space station, officials said, though NASA spokesman Trent Perrotto told Security News Daily that at no point in time have operations of the International Space Station been in jeopardy due to a data breach.
Martin told the Science, Space and Technology House subcommittee that 48 laptops were stolen between April 2009 and April 201l. The number of stolen laptops could be higher because NASA relies on employees to report incidences, according to MSNBC.
Some laptops contained Social Security numbers and information on several NASA programs, but Perrotto told Security News Daily that NASA is working on implementing better security measures throughout the organization.
NASA encrypts 1 percent of organizational laptops and other portable electronics, Martin told the subcommittee.
NASA was the target of 5,400 cyber-attacks between 2010 and 2011 that cost the agency $7 million from intrusions and malware planted on NASA computers by hackers.
These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives, Martin told MSNBC.
Investigators traced one attack back to China. The intruders gained full access to accounts at NASA's Jet Propulsion Laboratory and had the ability to copy and delete sensitive files and upload hacking tools, Martin told the subcommittee.
In other words, the attackers had full functional control over these networks, Martin said, according to MSNBC.
Martin said the agency will be at risk until better security is in place.
Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft, Martin said, according to the CBS station in Washington D.C.