48 NASA Laptops Stolen in Two Years: A Case for Better Encryption Practices
By Melanie Pinola, PCWorld
It’s not only businesses that need to worry about laptop security.
Even NASA laptops are vulnerable to theft and poor security practices: 48 NASA laptops or mobile devices were stolen from America’s space agency between April 2009 and April 2011, including one unencrypted laptop containing control codes for the International Space Station (ISS).
Although the ISS does not appear to be in jeopardy, according to a NASA public affairs officer who spoke to the Security News Daily, the NASA security breaches underscore how serious and difficult a problem laptop and mobile device theft is, whether you’re a government agency, a small business, or an individual.
In his testimony last month before the Science, Space and Technology House subcommittee, NASA Inspector General Paul Martin admitted that only 1 percent of NASA’s portable devices are encrypted. That leaves 99 percent of the agency’s laptops and mobile devices unprotected, storing possibly not just employees’ personal data such as Social Security numbers, but also third-party intellectual property and perhaps space or government secrets (yes, I watched many episodes of Chuck).
Biggest Nightmare for a Business?
Lost laptops and lost mobile phones have long topped the list as the biggest nightmare for security chiefs and PR teams (see this Laptop Losers Hall of Shame for some older cringe-worthy stories). Why does encryption continue to pose such a big business challenge?
NASA offers a good example. It doesn’t have an agency-wide data encryption system or solution. Individuals can encrypt a laptop at the file, folder, or drive level, but that could leave too much room for error or leave too much up to user discretion. A centralized, managed encryption solution for your whole fleet of mobile devices is a better idea, but obviously may involve more costly enterprise resources. Implementing such a system across a chain of command, with lots of people and systems involved, no doubt requires a lot of planning and commitment.
Considering that the average value of an individual lost laptop has been computed as more than $49,000, however, making sure each laptop is encrypted before it leaves the room with sensitive data on it is probably well worth the investment.