NASA breach update: Stolen laptop had data on 10,000 users
The compromise isn't surprising considering that NASA has the lowest portable device encryption rate among all federal agencies, said John Pescatore, an analyst with Gartner Inc.
According to a report released in March by the White House Office of Management and Budget, only 41% of NASA-owned portable devices meet the encryption requirements of the Federal Information Security Management Act (FISMA), Pescatore said.
NASA's effort fall far behind other agencies, he said, noting that 83% of all federal government laptops run encryption tools.
Pescatore noted that NASA is likely hurt because it's made up of multiple separate fiefdoms.
Each of the agency's labs has separate IT operations with their own standards, he said. "That has complicated NASA's ability to drive a enterprise security solution. It is probably the biggest reason why NASA is consistently" behind other agencies in security grades, he said.
The mandate to encrypt sensitive data on federal systems stems from a 2006 incident in which a laptop computer and hard disk belonging to the U.S. Department of Veterans Affairs was stolen from the home of a VA data analyst.
The stolen equipment, later recovered by the FBI, contained unencrypted personal data belonging to over 26.5 million active military duty personnel and veterans.
Ironically, more than six years after the incident, the VA encryption rate ranks third from the bottom among federal agencies, Pescatore added.
Considering the VA's record, NASA's encryption problems shouldn't be a surprise, added Richard Stiennon principal at IT-Harvest.
"No surprise at all. Employees will always squirrel away data. Trunks will always been broken into. Laptops will always be targets for theft," Stiennon said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- Target attack shows danger of remotely accessible HVAC systems
- Target hackers try new ways to use stolen card data
- Update: Microsoft to patch just-revealed Windows zero-day tomorrow
- NSA spying prompts open TrueCrypt encryption software audit to go viral
- Microsoft warns of Office zero-day, active hacker exploits
- Hackers move to create next Blackhole after 'Paunch' arrest
- Adobe hack shows subscription software vendors lucrative targets
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts