In testimony to Congress, NASA Inspector General Paul Martin has exposed a barrage of attacks by hackers that NASA faced in 2010 and 2011, and just how poorly prepared the Agency was to deal with them. The report revealed that a shocking 5,408 attacks resulted in the installation of malware or unauthorized access to the Agency's systems. Additionally, it also detailed 47 "advanced persistent threats" — sophisticated attacks, of which 13 successfully breached NASA's systems. Martin estimates that the theft of sensitive and export-controlled data has cost the agency more than $7 million over the past two years.
While the amount NASA is targeted might come as a surprise, the Agency's ill-preparedness is even more stunning. Martin revealed that, shockingly, less than one percent of its laptops and mobile devices are encrypted, as compared to a government-wide average of 54 percent. Because of this, algorithms used to control the International Space Station, staff social security numbers, and confidential information on NASA's Constellation and Orion programs have all been lost as devices have been mislaid or stolen.
NASA's security has already been in the spotlight in recent months, including revelations that its computers had formed part of a widespread botnet over several years, but the scale of these newly reported breaches is staggering. Martin recommends that NASA must tighten up its data protection — including adding an Agency-wide encryption system — if it wishes to avoid further security breaches in future. Sadly for the agency, those are bare-minimum solutions that should have been implemented long ago.