in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Advanced Technology Encryption: NASA Will Encrypt All Laptops

NASA, the US National Aeronautics and Space Administration, is forbidding staff from removing laptop computers until all of them have been protected with laptop encryption.  The order follows an announcement that NASA lost another computer on October 31.

NASA: Not Actually Securing Anything?

According to the BBC, NASA has ordered staff not to remove agency-issued laptops from facilities until they are protected with encryption software.  The straw that broke the camel's back is an October 31 incident: a laptop computer was stolen from an employee's car in Washington, D.C.  The computer contained sensitive, personally identifiable information (PII).  The report did not specify what it could be, although PII can range anything from names and addresses to SSNs, credit card numbers, and various forms of financial information.

Password protection was used to secure the content, but as is common knowledge among geeks and technologists, password protection does not feature the same level of security as encryption.  The fact that this is lost on rocket scientists would tickle me silly if it were not so sad.

NASA is alerting its employees that they should take care not to be phished.  A full review of the lost data could take up to 60 days.

Fine Print

Reading the actual agency-wide message, it's quite clear that NASA is not actually forbidding staff from taking home their agency laptops.  If you read the fine print (spaceref.com, my emphasis):

The Administrator and the Chief Information Officer (CIO) have directed that, effective immediately, no NASA-issued laptops containing sensitive information can be removed from a NASA facility unless whole disk encryption software is enabled or the sensitive files are individually encrypted. This applies to laptops containing PII, International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) data, procurement and human resources information, and other sensitive but unclassified (SBU) data.

As long as the laptop doesn't contain information such as the above, it should be fine.  The problem in this era of terabytes, though, is whether one can be absolutely sure that he or she is not carrying sensitive information.

Such pragmatic concerns are what led certain IT security advocates to deploy full disk encryption software on all laptops, regardless of who's using for which purpose, if there is even a remote chance of sensitive data ending up in them (because an organization handles sensitive data).

NASA appears to be playing a page from that book:

Center CIOs have been directed to complete the whole disk encryption of the maximum possible number of laptops by November 21, 2012. NASA plans to complete the laptop encryption effort by December 21, 2012, after which time no NASA-issued laptops without whole disk encryption software, whether or not they contain sensitive information, shall be removed from NASA facilities.

So, for the time being, the US's premier (and only) space agency will allow unencrypted laptops to be taken in and out of facilities but all of it ends 10 days before the end of the year.  Why ten days?  Who knows -- maybe they like the fact that the dates are all ones and twos: 12/21/2012. (It's a stupid suggestion because, among other things, there's an errant zero in the mix).

While one congratulates NASA for the above, one has to wonder what took them so long?  I mean, they had that situation over a year ago, in March 2011 and another earlier this year.

I guess that saying about good and bad things coming in three must be true.


Related Articles and Sites:
http://www.bbc.co.uk/news/technology-20343745
http://science.slashdot.org/story/12/11/15/1513227/nasa-to-encrypt-all-of-its-laptops

<Previous Next>

iPad Security: $1.5 Million In iPad Mini Tablets Stolen From JFK

BYOD Is A Backward Trend, Says IT Sec Company Head

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.