NASA Plans to Encrypt All Laptops

[Guest]

Following the theft of a NASA notebook on October 31, NASA is taking a dramatic step to ensure that critical data will remain protected.

NASA Plans to Encrypt All Laptops : Read more

 

[abbadon_34]

unless they inspect each one how will they enfirce this? Implied is that have both encrypted and unencrypted laying around in house.

 

[edogawa]

I'm surprised they didn't already do this for computers that went in and out. If I ran a government facility with important data I wouldn't let people carry that out the door for any reason.

 

[joytech22]

They should just create an invisible partition using TrueCrypt or something and store everything in that.
Practically uncrackable unless you have huge resources, in which case stealing the laptop would be the easy part.

 

[bookwormsy]

Its about time!

 

[zareff]

Good for them. Supporting it is not that hard, troubleshooting and normal desktop support might become a PITA though...

 

[kingssman]

I work for a company that encrypts all their laptops. It's been a standard practice since the release of XP. CREDANT security is what they went with.

 

[palladin9479]

The ability to do this has been in and around the Government for awhile now. Data At Rest (DAR) is the official program and policies that are used, though there are different COTS options for it. The reason it hasn't been widely adopted is that it complicates an already complicated situation. The people who go TDY with official government computers tend to be higher ranking officers and senior managers. They are not technically proficient and always seem to break something or need help to access the VPN or other piece of software. Something like DAR adds another item that these individuals could inadvertently break, and as their TDY you can't just send a tech over to their desk to fix the problem. The worst part is the IT manager tends to answer to these officials or to the people who work for these officials, so every-time a problem happens, whether it's user error or not (btw you CAN NOT say user error when the user is a high ranking official) it looks bad on your department. The result is the IT managers want as few potential problems as possible, so DAR has been put off and avoided whenever possible.

 

[cumi2k4]

not going to help if user passwords are mostly "123456"

 

[palladin9479]

not going to help if user passwords are mostly "123456"

Damn you. Now I have to change the combination on my luggage.

 

[xpeh]

Maybe it's because NASA is planning something really big?

 

[AnUnusedUsername]

How were they not doing that before? It's industry standard to encrypt all laptops used in software development for this very reason. I guess a secretary might not have an encrypted laptop, but I'm a bit dismayed that NASA wasn't encrypting things.

 

[scook9]

[citation][nom]AnUnusedUsername[/nom]How were they not doing that before? It's industry standard to encrypt all laptops used in software development for this very reason. I guess a secretary might not have an encrypted laptop, but I'm a bit dismayed that NASA wasn't encrypting things.[/citation]
A secretary may have important PII and travel and calendar details for the executive that she supports. Do not overlook the importance of data and how it could be very valuable to the right people.

Full disk encryption should be relatively easy to put in place. I know that the 50,000 employees at my company all cope with it without any major issues....(just don't plug in a esata drive....the brilliant encryption software thinks it is internal and encrypts it for you....making it only visible on that laptop)

 

[palladin9479]

How were they not doing that before? It's industry standard to encrypt all laptops used in software development for this very reason. I guess a secretary might not have an encrypted laptop, but I'm a bit dismayed that NASA wasn't encrypting things.

Chances are there were sections / departments that had DAR and fully disk encryption put into place. This is just an agency wide policy change, now local IT managers don't have the option of going without it to appease seniors officials.

 

[thillntn]

A little overboard, but i use a hdd password on my systems. If stolen, the drive is not readable without unlocking it. Yes ways exist around this, but most crooks wanting to sell it won't know how. Never enough layers for a determined thief...but surprised this isn't a mandatory thing way before now.

 

[nvidiaguy07]

[citation][nom]abbadon_34[/nom]unless they inspect each one how will they enfirce this? Implied is that have both encrypted and unencrypted laying around in house.[/citation]
what?

 

[Auroram]

[citation][nom]cumi2k4[/nom]not going to help if user passwords are mostly "123456"[/citation]
Actually, it will. You can image new laptops to come with Bitlocker, for example. Set the password requirement to contain at least a combination of a fair amount of letters/numbers/symbols, etc. Enforcing a proper password isn't all that hard, loads of IT guys are simply to laid back to go against managers who complain about password policies.

After that it's simply a matter of encypted systems becoming inaccessible after entering the wrong password to many times.

 

[cats_Paw]

What Do they know that we cannot know? Lets make a simple logical analisys:
Nasa>space>Aliens...
Nah probably dont want everyone to know they dont really do anything in there .

 

[Scar89]

I thought they would have already done this after that stolen laptop indecent (or before!) but I guess with all the budget cuts......

 

[freggo]

"to encrypt all notebooks until November 21."

So after November 2st the encryption can be removed ?

Shouldn't it read "to encrypt all notebooks by November 21." ?
Just curious, as I am not a native English speaker, as to whether or not my grammar is off.