Schiff to have space agency chief explain laptop file theft
By Kevin Uhrich 02/28/2013
NASA is doing its best to downplay the loss of 40,000 personnel files — highly personal data about its past and present scientists and engineers — that were contained in a laptop computer stolen on Halloween from a car parked near the space agency’s headquarters in Washington, DC.
Not surprisingly, NASA Administrator Charles Bolden did not personally return messages regarding the Pasadena Weekly’s story last week on the lost files, which in November agency officials initially estimated to be four times fewer than the number of files they are now saying were actually lost that night.
Speaking for Bolden, Michael Cabbage, NASA’s news and multimedia director, insisted the situation is under control.
Even though NASA has a history of computer security breaches dating back to 2007 and 2008, when the Government Accountability Office (GAO) said the agency had reported 1,120 “security incidents,” and that same GAO report revealed that in 2009 a NASA center reported the theft of a laptop computer that contained some 3,000 unencrypted files regarding arms traffic regulations and wind tunnel tests for a supersonic jet, Cabbage maintains there is nothing to worry about.
“There is currently no indication that any of the personal information on the laptop has been used for fraudulent purposes as a result of this incident,” wrote Cabbage, adding the computer contains no other types of “sensitive” information, like that lost in 2009.
Unfortunately for Bolden, a retired Marine Corps major general and a former astronaut whose vision for NASA has clashed sharply with that of the Obama administration, that may not be good enough for Congressman Adam Schiff of Burbank. A moderate Democrat and former federal prosecutor, Schiff’s district before last year’s state-mandated redistricting included Pasadena, home of Caltech and Jet Propulsion Laboratory (JPL), which is owned by NASA and managed by Caltech.
Calling the theft of this laptop “deeply troubling,” Schiff said he will be asking Bolden during budget hearings beginning Monday what, exactly, is being done to better secure the personal information of agency employees.
“Revelations that the number of employees whose information was disclosed is growing are especially distressing, as it appears that NASA had little idea what was on the computer that was lost,” Schiff wrote in an email to the Weekly.
The Halloween computer theft came nearly two years after the US Supreme Court ruled in NASA’s favor in NASA v. Nelson, so named for lead respondent Dr. Robert Nelson, a 34-year space scientist with JPL who, along with 27 other JPL workers, sued NBASA and Caltech to stop implementation of Homeland Security Presidential Directive #12, or HSPD-12. President George W. Bush’s 2004 directive requires all federal workers — including contract employees at JPL, like Nelson and his colleagues — to submit to highly intrusive background investigations or be fired.
Nelson and the other respondents argued that NASA did not need intimate details about the lives of its contract employees. The group further said that once NASA had such information, the agency would be incapable of securing it.
On Tuesday, Cabbage said Bolden “has ordered a complete review of this incident and a report on the agency’s progress to better protect its information technology systems, including laptop computers.” In addition, Cabbage wrote, “NASA’s inspector general is investigating the theft of the laptop in cooperation with local authorities.”
Schiff said Bolden will be appearing before the Commerce, Justice, Science subcommittee of the Appropriations Committee next week, and “I intend to probe what NASA is doing to assist those whose data has been compromised, and to better secure its employees’ data in the future.”
After the 2009 incident, in which NASA “lost” a computer containing information about arms trafficking and wind tunnel tests, the agency was required to encrypt its laptops, according The New York Times, but not all of the agency’s laptops had been adjusted by the time of the Halloween theft. And the job is still not finished.
Over the past year, Cabbage said NASA has encrypted 99.7 percent of all of its computers.
“As a result of the latest laptop theft, NASA accelerated the completion of the whole disk encryption effort, working overtime to encrypt more than 32,500 laptops. The remaining computers that have not been encrypted may be granted waivers exempting them from encryption because they contain no data and are considered spares or unused,” Cabbage wrote.
NASA-issued laptops without whole disk encryption software are no longer allowed to be removed from NASA facilities. In addition, Cabbage said, employees are being directed to review information contained on their own computers. Along with that, NASA is offering credit monitoring services to those affected by the breach.
Unfortunately for all of us, said Schiff, “This is a problem that goes way beyond NASA, and I am greatly concerned about the government’s information security as a whole. As a member of the House Permanent Select Committee on Intelligence, I have spent a great deal of time over the past few years immersed in the cyber threats to the United States from China, Russia and elsewhere. And, at a time when the government should doing more to secure our networks, we are faced with the prospect of indiscriminate budget cuts that will inevitably weaken information security and our ability to detect and repel hackers.”