Hackers penetrated NASA's computers 13 times last year, including one China-based breach that gained total access to and control of crucial systems and employee accounts at the Jet Propulsion Laboratory, the space agency's inspector general told Congress this week.

Another security failure occurred in March 2011, when an unencrypted NASA notebook computer was stolen. It contained algorithms to command and control the International Space Station. NASA said, however, the station was never in any jeopardy.

All told, NASA reported more than 5,400 incidents of malicious software or unauthorized access of its computers between Oct. 1, 2010, and Sept. 30, 2011, NASA Inspector General Paul Martin said in his written testimony (pdf) delivered Wednesday to a hearing of the House Science, Space and Technology Committee investigations subcommittee. The agency suffered 47 attacks by "advanced persistent threats" — groups or individuals repeatedly attacking a computer or system, the National Journal reported.

Only 1% of NASA's portable devices are encrypted, and 48 were stolen between April 2009 and April 2011, Martin stated.

In the November attack on the Jet Propulsion Laboratory, in Pasadena, Calif., the intruders "gained full access to key JPL systems and sensitive user accounts." Hackers traced to China-based Internet Protocol addresses stole personal credentials for 150 employees.

"The attackers had full functional control over these networks," the IG's report stated, adding that they would have been able to "modify, copy or delete sensitive files" or "upload hacking tools to steal user credentials and compromise other NASA systems," the BBC notes.

"These incidents spanned a wide continuum, from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives," Martin said. "Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million."

He said hacking suspects have been arrested in China, Estonia, Great Britain, Italy, Nigeria, Portugal, Romania and Turkey.

NASA said in a statement the agency had "made significant progress to protect the agency's IT systems."

NASA's computer-security problems are not new, as FierceGovernmentIT reports. In five years the NASA inspector general has conducted 21 audits and made 69 IT-related recommendations.

In September, the IG reported that a cybersecurity audit for fiscal 2009 found that "security control assessments and contingency plan testing went undone and that the NASA chief information officer was unaware of the cybersecurity hole," FGIT wrote at the time.

In December, Martin delivered an audit (pdf) that said NASA faces "significant challenges" in "transitioning to a continuous monitoring approach" for its systems.

In a subcommittee news release the chairman, Rep. Paul Broun, R-Ga., noted that many of NASA's technologies also can be used for military purposes and cautioned that without "persistent vigilance," NASA risks becoming an unlocked 'back door'" that threatens national security.

The Christian Science Monitor asks, "Is it really easy to hack NASA computers?"