Sign in with
Sign up | Sign in

NASA Plans to Encrypt All Laptops

By - Source: SpaceRef | B 19 comments

The agency said that no NASA notebook can leave NASA facilities unless full disk encryption is enabled or the files that contain sensitive information are individually encrypted.

NASA has initiated a program to encrypt all notebooks until November 21. Computers without whole disk encryption cannot be taken off NASA premises anymore. Teleworkers are advised to use loaner notebooks instead of NASA devices.

While NASA has not provided details about the theft, it apparently has been an event that is affecting a significant number of people. The laptop, which was stolen from an employee's locked vehicle apparently contained "records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors, and others."

An email sent to NASA employees stated that the computer was password-protected, but did not have whole disk encryption, which indicates that the data "could be accessible to unauthorized individuals."

Contact Us for News Tips, Corrections and Feedback

Display 19 Comments.
This thread is closed for comments
Top Comments
  • 16 Hide
    edogawa , November 15, 2012 10:08 PM
    I'm surprised they didn't already do this for computers that went in and out. If I ran a government facility with important data I wouldn't let people carry that out the door for any reason.
Other Comments
  • -5 Hide
    abbadon_34 , November 15, 2012 10:06 PM
    unless they inspect each one how will they enfirce this? Implied is that have both encrypted and unencrypted laying around in house.
  • 16 Hide
    edogawa , November 15, 2012 10:08 PM
    I'm surprised they didn't already do this for computers that went in and out. If I ran a government facility with important data I wouldn't let people carry that out the door for any reason.
  • -3 Hide
    joytech22 , November 15, 2012 10:24 PM
    They should just create an invisible partition using TrueCrypt or something and store everything in that.
    Practically uncrackable unless you have huge resources, in which case stealing the laptop would be the easy part.
  • 2 Hide
    bookwormsy , November 15, 2012 10:29 PM
    Its about time!
  • 3 Hide
    zareff , November 15, 2012 10:47 PM
    Good for them. Supporting it is not that hard, troubleshooting and normal desktop support might become a PITA though...
  • 2 Hide
    kingssman , November 15, 2012 11:01 PM
    I work for a company that encrypts all their laptops. It's been a standard practice since the release of XP. CREDANT security is what they went with.
  • 2 Hide
    palladin9479 , November 15, 2012 11:38 PM
    The ability to do this has been in and around the Government for awhile now. Data At Rest (DAR) is the official program and policies that are used, though there are different COTS options for it. The reason it hasn't been widely adopted is that it complicates an already complicated situation. The people who go TDY with official government computers tend to be higher ranking officers and senior managers. They are not technically proficient and always seem to break something or need help to access the VPN or other piece of software. Something like DAR adds another item that these individuals could inadvertently break, and as their TDY you can't just send a tech over to their desk to fix the problem. The worst part is the IT manager tends to answer to these officials or to the people who work for these officials, so every-time a problem happens, whether it's user error or not (btw you CAN NOT say user error when the user is a high ranking official) it looks bad on your department. The result is the IT managers want as few potential problems as possible, so DAR has been put off and avoided whenever possible.
  • 4 Hide
    cumi2k4 , November 15, 2012 11:39 PM
    not going to help if user passwords are mostly "123456"
  • 7 Hide
    palladin9479 , November 15, 2012 11:53 PM
    Quote:
    not going to help if user passwords are mostly "123456"


    Damn you. Now I have to change the combination on my luggage.
  • 2 Hide
    xpeh , November 15, 2012 11:57 PM
    Maybe it's because NASA is planning something really big?
  • 0 Hide
    AnUnusedUsername , November 16, 2012 12:28 AM
    How were they not doing that before? It's industry standard to encrypt all laptops used in software development for this very reason. I guess a secretary might not have an encrypted laptop, but I'm a bit dismayed that NASA wasn't encrypting things.
  • 0 Hide
    scook9 , November 16, 2012 12:57 AM
    AnUnusedUsernameHow were they not doing that before? It's industry standard to encrypt all laptops used in software development for this very reason. I guess a secretary might not have an encrypted laptop, but I'm a bit dismayed that NASA wasn't encrypting things.

    A secretary may have important PII and travel and calendar details for the executive that she supports. Do not overlook the importance of data and how it could be very valuable to the right people.

    Full disk encryption should be relatively easy to put in place. I know that the 50,000 employees at my company all cope with it without any major issues....(just don't plug in a esata drive....the brilliant encryption software thinks it is internal and encrypts it for you....making it only visible on that laptop)
  • 1 Hide
    palladin9479 , November 16, 2012 1:55 AM
    Quote:
    How were they not doing that before? It's industry standard to encrypt all laptops used in software development for this very reason. I guess a secretary might not have an encrypted laptop, but I'm a bit dismayed that NASA wasn't encrypting things.



    Chances are there were sections / departments that had DAR and fully disk encryption put into place. This is just an agency wide policy change, now local IT managers don't have the option of going without it to appease seniors officials.
  • 0 Hide
    thillntn , November 16, 2012 2:30 AM
    A little overboard, but i use a hdd password on my systems. If stolen, the drive is not readable without unlocking it. Yes ways exist around this, but most crooks wanting to sell it won't know how. Never enough layers for a determined thief...but surprised this isn't a mandatory thing way before now.
  • 0 Hide
    nvidiaguy07 , November 16, 2012 3:29 AM
    abbadon_34unless they inspect each one how will they enfirce this? Implied is that have both encrypted and unencrypted laying around in house.

    what?
  • 0 Hide
    Auroram , November 16, 2012 6:20 AM
    cumi2k4not going to help if user passwords are mostly "123456"

    Actually, it will. You can image new laptops to come with Bitlocker, for example. Set the password requirement to contain at least a combination of a fair amount of letters/numbers/symbols, etc. Enforcing a proper password isn't all that hard, loads of IT guys are simply to laid back to go against managers who complain about password policies.

    After that it's simply a matter of encypted systems becoming inaccessible after entering the wrong password to many times.
  • 1 Hide
    cats_Paw , November 16, 2012 7:40 AM
    What Do they know that we cannot know? Lets make a simple logical analisys:
    Nasa>space>Aliens...
    Nah probably dont want everyone to know they dont really do anything in there :D .
  • 0 Hide
    Scar89 , November 16, 2012 10:19 AM
    I thought they would have already done this after that stolen laptop indecent (or before!) but I guess with all the budget cuts......
  • 0 Hide
    freggo , November 16, 2012 11:18 AM
    "to encrypt all notebooks until November 21."

    So after November 2st the encryption can be removed ?

    Shouldn't it read "to encrypt all notebooks by November 21." ?
    Just curious, as I am not a native English speaker, as to whether or not my grammar is off.