A NASA laptop stolen last year had not been encrypted, despite containing codes used to control and command the International Space Station, the agency's inspector general told a US House committee.

NASA IG Paul Martin said in written testimony (PDF) to the House Committee on Science, Space and Technology that a laptop was stolen in March 2011, which "resulted in the loss of the algorithms used to command and control the ISS".

 Martin also admitted that 48 different agency laptops or mobile devices had been lost or stolen between April 2009 and April 2011. The kit contained sensitive data including third-party intellectual property and social security numbers as well as data on NASA's Constellation and Orion programs.

"Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft," Martin told the Subcommittee on Investigations and Oversight.

As well as facing the continuous disappearance of unencrypted staff laptops, NASA is also subject to increasingly sophisticated cyber attacks, Martin told the hearing.

"In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorised access to its systems," he said.

"These incidents spanned a wide continuum: from individuals testing their skill to break into NASA systems, to well-organised criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives."

He said the intrusions had disrupted mission operations, had resulted in the theft of sensitive data and had cost the agency more than $7 million.