Investigation into the JPL breach is ongoing, Martin told a House Committee on Science, Space, and Technology panel hearing on Feb. 29.
In 2010 and 2011 NASA reported 5,408 computer security incidents that resulted in the installation of malware or unauthorized access to the space agency’s systems.
“Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million”, he testified.
In March 2011, someone stole an unencrypted NASA notebook computer that contained algorithms to control the International Space Station. Other lost of stolen notebooks have contained employee social security numbers and sensitive data on NASA’s next-generation space travel programs Constellation and Orion.
“NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files”, Martin told the House panel.
IG audits have found “internal control weaknesses" in NASA’s IT security control monitoring and cybersecurity oversight. In addition, the audits found that the agency’s chief information officer has “limited ability” to direct NASA’s mission directorates to implement IT security programs, he said.