NASA is reeling from the fallout of a data security breach after a laptop containing sensitive information on a large number of employees and contractors was stolen.
The laptop went missing on Oct. 31. It was password protected but the information was not encrypted according to a message issued to NASA employees on Tuesday. The lack of encryption enables anyone to easily view the data. It also forces the agency to publicly disclose the security breach.
"Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals," NASA said in in its message. "We are thoroughly assessing and investigating the incident and taking every possible action to mitigate the risk of harm or inconvenience to affected employees."
The space agency has suffered a number of security lapses. It confirmed a major breach in 2004 in which its websites and its Jet Propulsion Laboratory were penetrated by attackers. A Swedish hacker was indicted following the breach. It prompted NASA to implement a hybrid cloud security model for its sensitive laboratory projects. It has also been the subject of a number of inquiries into its security practices.
NASA said it plans to implement whole-disk encryption on all its employee laptops by Dec. 21. Enterprises can find a number of deployment options for laptop encryption. Most laptops support full disk encryption, file/folder encryption, volume encryption, and pre-encrypted drives.
There is a drawback to whole-disk encryption, according to experts. Whole-disk encryption can impact performance of the laptop and slow boot time. It can also hinder the lack of policy to control user access to systems.