Stolen NASA laptop stored space station code

Space agency NASA has revealed the theft of an unencrypted laptop last year that contained algorithms used "to command and control" the International Space Station.

The agency's inspector general Paul Martin made the revelation in cybersecurity-related testimony before a subcommittee of the US House of Representatives [pdf].

Martin said that NASA reported 48 agency "mobile computing devices" either lost or stolen in the two years to April 2011, including the machine containing the sensitive code.

"Other lost or stolen notebooks contained Social Security numbers and sensitive data on NASA's Constellation and Orion programs," he noted.

Constellation is a now-defunct human space flight program, while Orion aimed to operate a multi-purpose crew vehicle under Constellation. Parts of Orion continue in a separate program.

Martin said NASA could not "consistently measure" data loss because it relied on employees to "self-report... rather than determining what was stored on the devices by reviewing backup files".

In addition, Martin laid out figures for the number of recorded attempts by external parties to access its systems or install malicious code.

In 2010 and 2011, he said NASA recorded 5408 "computer security incidents" that caused damage pegged at around $US7 million.

Martin did not break down the incident figure, apart from detailing the number of advanced persistent threats (APTs) aimed at NASA's IT infrastructure.

He said NASA fell victim to 47 APT attacks in the 2011 financial year - 13 of which "successfully compromised agency computers".

One attacker netted 150 user credentials. Another gained full system access to NASA's Jet Propulsion Laboratory's systems.

Martin urged some caution on the figures because not all US agencies subjected themselves to the same level of scrutiny and reporting of computer security incidents as NASA did.