There’s a good reason why whoever stole the NASA laptop containing codes for the International Space Station hasn’t taken over control of the orbital outpost — they can’t.
The keys to the main computers aboard the $100 billion research laboratory reside in control centers on Earth, primarily in Houston at NASA’s Johnson Space Center and outside of Moscow, from where Russia commands its part of the station.
NASA also has a backup control at the Marshall Space Flight Center in Huntsville, Ala., in case Houston has to shut down for a hurricane or other reason.
“The laptop that was stolen had no ability to command to ISS (International Space Station),” NASA’s space operations chief William Gerstenmaier told Discovery News. “We typically have no laptops that can command to the ISS. You have to be in a mission control center that has command.”
NASA’s Office of Inspector General told Congress last week that a laptop containing algorithms to command and control the station was among 48 NASA mobile computing devices that were lost or stolen between April 2009 and April 2011.
“Increasingly, NASA has become a target of a sophisticated form of cyber-attack,” Inspector General Paul Martin wrote in testimony submitted to the House Science, Space and Technology Committee.
“Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk,” Martin said.
He told Congress that investigators have conducted more than 16 investigations of breaches of NASA networks during the past few years, several of which have resulted in the arrests and convictions of foreign nationals in China, Great Britain, Italy, Nigeria, Portugal, Romania, Turkey and Estonia.
Martin’s office also found that six computer servers associated with NASA spacecraft control had “critical data vulnerabilities” that could allow a remote attacker to take control of or render them unavailable. That includes a system that provides mission support to the (now-retired) space shuttle and the International Space Station.
Gerstenmaier agrees NASA could do more to tighten computer security, such as by encrypting hard drives and being more attentive to the use of firmware, flash drives and software that can contain malicious codes.
As for the space station, Gerstenmaier says it is is safe.
“I don’t want to put a challenge out there to the hacker community, but we are fairly secure,” he said.
Not that the station, which flies about 240 miles above Earth, has been immune to computer malfeasance. For example, in 2008 a virus designed to steal passwords from online gamers showed up in some laptops aboard the station.
“It’s a fact of life that some small fraction of computers that are connected to the outside world are going to have security violations on them,” John Pike, director of GlobalSecurity.org, a Washington D.C.-based think tank, told Discovery News.
“There’s just so much heavy breathing around this stuff. It frightens the technically illiterate. It’s a way to get more money,” Pike said.
“It’s normal stuff,” added Gerstenmaier. “The basic command software for the station is pretty protected.”
NASA Administrator Charlie Bolden will face additional questions about the agency’s computer security lapses when he testifies before another Congressional committee on Wednesday.
“I hope you will come ready to answer some of the questions being raised in the wake of Mr. Martin’s testimony,” Sen. Bill Nelson, a Florida Democrat, wrote in a letter to Bolden on Tuesday.