NASA DATA BREACH AND NEED FOR ENCYPTIONIntroductionAs of late there have been various occurrences where personal information has been stolen, lost or subject to unapproved get to. In a significant number of these cases, these were caused by information being insufficiently secured or the gadgets the information was put away on being left in wrong places and sometimes both. We’ve entered a period when the accommodations of across the board availability, including the cloud, has caused a big risk of getting hacked or being stolen in any other way. At the point when information falls into the wrong hands, the results can be devastating. Prominent information ruptures and ransomware assaults have organizations and people on alert for them to safeguard their datas and employ the best methods to secure the same.The most efficient method to safeguard the data is through encryption1 which is based on ancient skills of cryptography.
To decrypt that cipher text into legible data, one needs to have encryption key, which is a series of bits that decode the cryptic information. The key is possessed only by the sender and by the recipient who is intended to be receiving it has in their possession. Various programs are capable of breaking encrypted code by combining various permutations to guess the encryption key, but for very sophisticated and highly complex algorithms, it can take a long time. BackgroundThe breach of data in NASA occurred on October 31, 2012, when a laptop was stolen from the vehicle of a NASA Headquarters employee. The laptop contained hundreds of files and e-mails with the Social Security numbers and other forms of personally identifiable information (PII) for more than 10,000 current and former NASA employees and contractors.
Although the laptop was password protected, neither the laptop itself nor the individual files were encrypted.2This was not the first time NASA experienced a significant loss of PII or other sensitive data but unclassified (SBU) data as a result of the theft of an unencrypted Agency laptop. For example, in March 2012 a bag containing a government-issued laptop, NASA access badge, and a token used to enable remote-access to a NASA network was stolen from a car parked in the driveway of a Kennedy Space Center employee. A review by information technology (IT) security officials revealed that the stolen computer contained the names, Social Security numbers, and other PH information for 2,400 NASA civil servants, as well as two files containing sensitive information related to a NASA program. As a result of the theft, NASA incurred credit monitoring expenses of approximately $200,000 and many such other significant losses have occurred multiple times.3As a result of the security breach, Nasa’s CIO, Linda Cureton and NASA Administrator Charles Bolden have ordered that with immediate effect laptops containing sensitive information could only leave its buildings if the relevant data was encrypted. RecommendationThe protection of data must be ensured by encryption of the data on the drives and even on the mails. The information containing PIIs can affect the governments /companies /organizations and the employees and to avoid small sum expenses such compromises shouldn’t be made in the recent times of cyber vulnerability.
The law makers must take steps like the ones that have been taken in the European Union, i.e., to make encryption of data a mandatory legal requirement and to make necessary catching up legal framework to work in concurrence with the recent developing times and various new methods of attacks on the cyber data.ConclusionAll of these losses could have been avoided if only NASA would have not lagged behind other federal agencies in encrypting and securing the data. The need for encryption is irrefutable and should not be debated upon for it helps the organizations and the people in safeguarding essential/sensitive datas which may contain PIIs. A recent data breach involving Coca-Cola Enterprises Inc.
is a class example of the same as well and this only shows how irresponsible behaviour or carelessness with regard to the cyber security can cause lot of unnecessary expenses and multiple diminishing or highly effecting data losses. 1 Encryption protects data from unauthorized access by converting it into unreadable code that cannot be deciphered easily. Data encryption on computers generally uses a mathematical algorithm to scramble the information to make it unreadable without a key to “unlock” or convert the information to a readable form.2 Letter of the of Inspector General, NASA, Washington, DC 20546-0001: https://oig.nasa.gov/Special-Review/SpecialReview(12-17-12).pdf (Last visited : January 5, 2018).3 Ibid.