Jump to content



Photo

Nasa to encrypt data after its latest laptop loss


  • Please log in to reply
13 replies to this topic

#1 Asrokhel

Asrokhel

    Neowinian

  • 1,027 posts
  • Joined: 05-April 12
  • OS: Windows 8 Pro x64 (testing to see if I keep it or go back to Windows 7)

Posted 15 November 2012 - 18:11

US space agency Nasa has ordered that the data on all its laptops must be encrypted, after losing another one of its portable computers.

Until the process is complete, it has forbidden staff from removing Nasa-issued laptops containing sensitive information from its facilities.

The order follows the loss of a device containing "sensitive personally identifiable information".

There have been several similar incidents over recent years.

Nasa said the latest incident had occurred on 31 October, when a laptop and documents were stolen from a locked vehicle of one of its employees at Nasa headquarters in Washington DC.

The machine was password protected, but the agency acknowledged that the information might still be accessible to hackers since it was not encrypted.

Encryption would have scrambled the data, requiring a complicated code to make it understandable again.

As a result, Nasa has warned its workers to watch out for bogus messages.

"All employees should be aware of any phone calls, emails, and other communications from individuals claiming to be from Nasa or other official sources that ask for personal information or verification of it," an agency-wide email published by news site Spaceref stated.

"Because of the amount of information that must be reviewed and validated electronically and manually, it may take up to 60 days for all individuals impacted by this breach to be identified and contacted."

Encryption order

As a result of the security breach, Nasa's chief information officer, Linda Cureton, has said that with immediate effect laptops containing information about the following topics could only leave its buildings if the relevant data was encrypted:

* The international sale or transport of weapons, nuclear equipment or other materials that fall under the US's export administration regulations
* Information about Nasa's human resources
* Other "sensitive but unclassified" data

She said that she wanted the maximum possible number of laptops to be encrypted by Wednesday and a target of all laptops a month later. In addition employees have been banned from storing sensitive data on mobile phones, tablets and other portable devices.

The Nasa Watch blog, which comments on affairs at the agency, had previously criticised it for a series of other data losses.

It noted that the organisation had been warned in 2009 that it was not taking enough steps to sufficiently protect information and had reported the loss or theft of 48 of its mobile computing devices between April 2009 and April 2011.

This is not the first time Nasa has promised action to address the problem.

In March, Nasa administrator Charles Bolden told the House Appropriations Committee Subcommittee on Commerce that that he was going to sign a directive ordering all portable devices to use encryption, after acknowledging the agency was "woefully deficient" when compared to other government departments.












http://www.bbc.co.uk...nology-20343745


#2 Blueclub

Blueclub

    Neowinian

  • 800 posts
  • Joined: 15-October 05
  • Location: Karachi, Pakistan
  • OS: Windows 8.1 Pro x64
  • Phone: OnePlus One

Posted 15 November 2012 - 18:28

It amazes me how many of the US organizations/companies don't encrypt there data (create FDE), heck I only have family pictures and work files that anybody would care less to see, I keep my laptop encrypted even though, so if someone steals, or I lose the laptop somehow my things stay mine (as they are backed up). Its just simple encryption, not a chemistry formula, why would any big organization/company not do it in the first place?

#3 tsupersonic

tsupersonic

    Neowinian Senior

  • 6,795 posts
  • Joined: 30-September 06
  • Location: USA
  • OS: Win. 8.1 Pro. x64/Mac OS X
  • Phone: iPhone 5S/Nexus 5

Posted 15 November 2012 - 18:31

WAIT, their laptops are not encrypted? WTF? What a terrible move by their IT department! Sounds like they need new IT leadership...

#4 vetneufuse

neufuse

    Neowinian Senior

  • 17,104 posts
  • Joined: 16-February 04

Posted 15 November 2012 - 18:34

wow... we've had a company policy that we MUST use truecrypt with AES at minimum as a boot level encryption on all laptops for many years now and all encryption passwords are at least 15 characters long, and picked by IT staff not the individuals to ensure they are compliant with encryption standards here...

#5 OP Asrokhel

Asrokhel

    Neowinian

  • 1,027 posts
  • Joined: 05-April 12
  • OS: Windows 8 Pro x64 (testing to see if I keep it or go back to Windows 7)

Posted 15 November 2012 - 18:36

wow... we've had a company policy that we MUST use truecrypt with AES at minimum as a boot level encryption on all laptops for many years now and all encryption passwords are at least 15 characters long, and picked by IT staff not the individuals to ensure they are compliant with encryption standards here...


Finally, someone who uses TrueCrypt, maybe you can tell me how to use it, because the instructions on the web site suck. And, I'm getting a laptop again soon.

#6 vetneufuse

neufuse

    Neowinian Senior

  • 17,104 posts
  • Joined: 16-February 04

Posted 15 November 2012 - 18:38

Finally, someone who uses TrueCrypt, maybe you can tell me how to use it, because the instructions on the web site suck. And, I'm getting a laptop again soon.


it's an extremely simple program to use

#7 fusi0n

fusi0n

    Don't call it a come back

  • 3,901 posts
  • Joined: 08-July 04
  • OS: OSX 10.9\Windows 10\Ubuntu
  • Phone: LG G3

Posted 15 November 2012 - 18:41

i was going to reply.. but it seems everyone has said what I was going to post.. soo i'll just say cool story bro

#8 +chconline

chconline

    I review, not promote.

  • 13,155 posts
  • Joined: 20-August 04
  • Location: Calgary, AB, Canada

Posted 15 November 2012 - 18:46

You mean they DON'T encrypt their data? :laugh:

#9 +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,996 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 15 November 2012 - 18:55

I guess they've never heard of the word "proactive!"

#10 +Xinok

Xinok

    Resident Reresident

  • 3,500 posts
  • Joined: 28-May 04
  • Location: Shikaka
  • OS: Windows 7 x64
  • Phone: Galaxy S3

Posted 15 November 2012 - 19:04

Finally, someone who uses TrueCrypt, maybe you can tell me how to use it, because the instructions on the web site suck. And, I'm getting a laptop again soon.

Lots of people here use TrueCrypt (including myself). If you can't figure it out on your own, create a new thread and we'll help you out.

I encrypt my laptop. If my laptop were ever stolen, I know my data is secure... unless they keep the laptop powered on and bypass the login screen through the FireWire port... Nothing is secure these days, especially my f-ing Android phone. :/

Many devices are easily broken into with user-friendly forensics software such as this.

#11 OP Asrokhel

Asrokhel

    Neowinian

  • 1,027 posts
  • Joined: 05-April 12
  • OS: Windows 8 Pro x64 (testing to see if I keep it or go back to Windows 7)

Posted 15 November 2012 - 20:06

it's an extremely simple program to use


If it was so 'simple', how come I still can't figure out how to use it!

#12 ahhell

ahhell

    Neowinian Senior

  • 8,896 posts
  • Joined: 30-June 03
  • Location: Winnipeg - coldest place on Earth - yeah

Posted 15 November 2012 - 20:09

It's amazing how an organization of smart people can be so dumb.

#13 ILikeTobacco

ILikeTobacco

    Neowinian Senior

  • 4,789 posts
  • Joined: 08-July 10

Posted 15 November 2012 - 20:14

Encryption costs money. Did anyone think about what happens when you underfund an entire department like Nasa is? Mistakes happen.

#14 vetneufuse

neufuse

    Neowinian Senior

  • 17,104 posts
  • Joined: 16-February 04

Posted 15 November 2012 - 21:18

If it was so 'simple', how come I still can't figure out how to use it!


Install it
Start the program up, go to system menu, select encrypt system partition, follow the wizard, that's all the harder it is... and all the wizard does is make sure you have MBR partition tables (GTP is not supported) select the drive, pick a password, make a recovery CD and then it encrypts it... when done restart and it will ask for the password on the next boot..... that's all the harder it is

Encryption costs money. Did anyone think about what happens when you underfund an entire department like Nasa is? Mistakes happen.


Really? didn't cost us a cent outside normal IT time cost to encrypt 100+ laptops... just pull one when you have time encrypt the drive put it back in service.... keep going until its done... we didn't have to "budget" for it... truecrypt is free, each laptop took a whole 3 minutes of our time of actual worker time not it sitting there clearing free space until its done time