NASA Plans to Encrypt All Laptops

By Wolfgang Gruener
published

The agency said that no NASA notebook can leave NASA facilities unless full disk encryption is enabled or the files that contain sensitive information are individually encrypted.

NASA has initiated a program to encrypt all notebooks until November 21. Computers without whole disk encryption cannot be taken off NASA premises anymore. Teleworkers are advised to use loaner notebooks instead of NASA devices.

While NASA has not provided details about the theft, it apparently has been an event that is affecting a significant number of people. The laptop, which was stolen from an employee's locked vehicle apparently contained "records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors, and others."

An email sent to NASA employees stated that the computer was password-protected, but did not have whole disk encryption, which indicates that the data "could be accessible to unauthorized individuals."

Contact Us for News Tips, Corrections and Feedback

Wolfgang Gruener
19 Comments Comment from the forums
  • abbadon_34
    unless they inspect each one how will they enfirce this? Implied is that have both encrypted and unencrypted laying around in house.
    Reply
  • edogawa
    I'm surprised they didn't already do this for computers that went in and out. If I ran a government facility with important data I wouldn't let people carry that out the door for any reason.
    Reply
  • joytech22
    They should just create an invisible partition using TrueCrypt or something and store everything in that.
    Practically uncrackable unless you have huge resources, in which case stealing the laptop would be the easy part.
    Reply
  • bookwormsy
    Its about time!
    Reply
  • zareff
    Good for them. Supporting it is not that hard, troubleshooting and normal desktop support might become a PITA though...
    Reply
  • kingssman
    I work for a company that encrypts all their laptops. It's been a standard practice since the release of XP. CREDANT security is what they went with.
    Reply
  • palladin9479
    The ability to do this has been in and around the Government for awhile now. Data At Rest (DAR) is the official program and policies that are used, though there are different COTS options for it. The reason it hasn't been widely adopted is that it complicates an already complicated situation. The people who go TDY with official government computers tend to be higher ranking officers and senior managers. They are not technically proficient and always seem to break something or need help to access the VPN or other piece of software. Something like DAR adds another item that these individuals could inadvertently break, and as their TDY you can't just send a tech over to their desk to fix the problem. The worst part is the IT manager tends to answer to these officials or to the people who work for these officials, so every-time a problem happens, whether it's user error or not (btw you CAN NOT say user error when the user is a high ranking official) it looks bad on your department. The result is the IT managers want as few potential problems as possible, so DAR has been put off and avoided whenever possible.
    Reply
  • cumi2k4
    not going to help if user passwords are mostly "123456"
    Reply
  • palladin9479
    9427586 said:
    not going to help if user passwords are mostly "123456"

    Damn you. Now I have to change the combination on my luggage.
    Reply
  • xpeh
    Maybe it's because NASA is planning something really big?
    Reply