WASHINGTON (AFP) – A stolen US space agency laptop containing codes that control the International Space Station did not put the orbiting lab in peril, a NASA spokesman said on Friday.
The unencrypted notebook computer went missing in March 2011 and “resulted in the loss of the algorithms used to command and control the International Space Station,” NASA Inspector General Paul Martin told lawmakers this week.
But the US space agency insisted that international astronauts were never at risk aboard the research outpost.
“NASA takes the issue of IT security very seriously, and at no point in time have operations of the International Space Station been in jeopardy due to a data breach,” spokesman Trent Perrotto said.
The theft was alerted to Congress on Wednesday along with 5,408 computer security “incidents” that resulted in unauthorized access to NASA systems or installation of malicious software in the past two years, Martin said.
Perpetrators are suspected to include small-time hackers, organized criminal networks and foreign intelligence services.
The attacks affected thousands of NASA computers and cost the agency more than seven million dollars in 2010 and 2011, he said.
Over the past few years, investigations have resulted in the arrests and convictions of hackers from China, Great Britain, Italy, Nigeria, Portugal, Romania, Turkey, and Estonia, he said.
One cyber attack still under investigation happened in November 2011, when NASA’s Jet Propulsion Laboratory (JPL) in California reported “suspicious network activity involving Chinese-based IP addresses,” he said.
“Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL’s networks,” he added in testimony to the House Science, Space and Technology subcommittee.
“In other words, the attackers had full functional control over these networks.”
To better guard against such attacks, “NASA needs to improve agency-wide oversight of the full range of its IT assets,” and must encrypt more of its mobile and laptop devices, of which just one percent are currently encrypted, he said.
Until then, NASA “will continue to be at risk for security incidents that can have a severe adverse effect on Agency operations and assets.”
NASA’s spokesman said in response that the space agency is in the process of implementing his recommendations and has made “significant progress to better protect the agency’s IT systems.”