Testimony to Congress reveals just how bad NASA's cybersecurity problem has become
Posted 03.05.2012 at 1:10 pm
11 Comments
The ISS, Taken by Endeavour Feb. 9, 2010
This NASA hack story keeps getting worse and worse. We knew that NASA had been the target of a handful off attempted cyber attacks last year, but in testimony before the U.S. House Committee on Science, Space, and Technology over the last week, we’re getting the details straight from Paul Martin, NASA’s inspector general. NASA was targeted 47 times last year and 13 of those hacks were successful, at various points handing hackers “full functional control” of critical NASA networks. At one point the agency even lost the keys to the International Space Station.
NASA is a prestigious target for hackers because of its seat atop the United States' broader technology incubation apparatus, and because of that position it is also a strategic target for foreign state actors and cybercriminals looking to steal things they can profit from. And while the agency reportedly spends about a third of its $1.5 billion IT budget on security, things aren’t looking so secure. Securing a huge bureaucracy like NASA is difficult, no doubt. But according to Martin’s testimony, as of February 2012 only one percent of NASA’s portable devices and laptops were encrypted.
Related Articles
Tags
Technology, Clay Dillow, cyber attacks, cybersecurity, hackers, nasa, security, SpaceThen there are the hacks coming from outside. A particularly damning excerpt from Martin’s testimony (PDF) gives a nice broad overview of just how bad things got last year (by the way, JPL is NASA’s Jet Propulsion Laboratory, and an APT attack is an "Advanced Persistent Threat," meaning it's not a lone hacker or small group, but an organization with the capacity to persistently and effectively target an objective--think: foreign governments):
In FY 2011, NASA reported it was the victim of 47 APT attacks, 13 of which successfully compromised Agency computers. In one of the successful attacks, intruders stole user credentials for more than 150 NASA employees – credentials that could have been used to gain unauthorized access to NASA systems. Our ongoing investigation of another such attack at JPL involving Chinese-based Internet protocol (IP) addresses has confirmed that the intruders gained full access to key JPL systems and sensitive user accounts. With full system access the intruders could: (1) modify, copy, or delete sensitive files; (2) add, modify, or delete user accounts for mission-critical JPL systems; (3) upload hacking tools to steal user credentials and compromise other NASA systems; and (4) modify system logs to conceal their actions. In other words, the attackers had full functional control over these networks.
“In other words” -- NASA has a cybersecurity problem. To its credit and to the credit of the international law enforcement community, hackers in more than half a dozen countries have been apprehended in recent months and years for NASA-related cyber crime activities. But losing the laptop with the ISS codes? Unencrypted? This doesn’t inspire confidence in the agency whose very name is supposed to be synonymous with high tech.
[ZD Net]
11 Comments
To comment, please Login.
Popular Tags
Technology
|
|
|
|
|
|
June 2013: American Energy Independence
Five amazing, clean technologies that will set us free, in this month's energy-focused issue. Also: how to build a better bomb detector, the robotic toys that are raising your children, a human catapult, the world's smallest arcade, and much more.
Popular on Popsci
Most Commented
Technology
- This Newer, Stronger 3-D Printed Gun Costs Just $25
- Thieves Stole $45 Million From ATMs Because The U.S. Uses Absurd 40-Year-Old Technology
- Autonomous X-47B Jet Fighter Makes Historic First Launch From An Aircraft Carrier
- Russia Is Building Robots To 'Neutralize' Terrorists
- How To Turn An AK-47 Into A Soup Ladle
- America's Road To Energy Independence, Part 1
- Mapping The Simpsons' Slow Descent Into Suckitude
- Iran Unveils Absurd New Stealth Drone
- College Students Make First-Ever Successful Flight And Landing Of A Concrete Airplane
- High School Student Wins Hackathon With A Tool That Blocks TV Spoilers
Most Emailed
Technology
- The World's Most Expensive Weapon Just Got A Little Cheaper
- Will Google (And The US Government) Permit Google Glass To Recognize Faces On Sight?
- Big Pic: Hubble Space Telescope Captures The Ring Nebula In Astonishing Detail
- Robotic Kite Power Could Turn The Sky Into A Wind Farm
- 11 Robot Bartenders That Will Get You Drunk
- These 11 Robot Bartenders Will Get You Drunk
- Brazilian Government Invests In Robocops To Prep For World Cup, Olympics
- The BBC's New Radio Can Alter Broadcasts Based On Who's Listening
- Social Media Replaces Police Missing Persons Searches In France
- New Water-Repellant Fabric Is Like A Second Skin
Most Viewed
Technology
- The World's Most Expensive Weapon Just Got A Little Cheaper
- Will Google (And The US Government) Permit Google Glass To Recognize Faces On Sight?
- Big Pic: Hubble Space Telescope Captures The Ring Nebula In Astonishing Detail
- Robotic Kite Power Could Turn The Sky Into A Wind Farm
- 11 Robot Bartenders That Will Get You Drunk
- These 11 Robot Bartenders Will Get You Drunk
- Brazilian Government Invests In Robocops To Prep For World Cup, Olympics
- The BBC's New Radio Can Alter Broadcasts Based On Who's Listening
- Social Media Replaces Police Missing Persons Searches In France
- New Water-Repellant Fabric Is Like A Second Skin
Online Content Director: Suzanne LaBarre | Email
Senior Editor: Paul Adams | Email
Associate Editor: Dan Nosowitz | Email
Assistant Editor: Colin Lecher | Email
Assistant Editor: Rose Pastore | Email
Contributing Writers:
Kelsey D. Atherton | Email
Francie Diep | Email
Shaunacy Ferro | Email
Today on PopSci.com
Copyright © 2012 Popular Science
A Bonnier Corporation Company. All rights reserved. Reproduction in whole or in part without permission is prohibited.
Hello, USA Government,
Our backbone to protecting the USA is our military, I hope you close the door to the electronic security systems you have on the military bases!!!!!!!
These electronic security systems should be a close system and never touch the outside world, INTERNET!!!!!
My suggestion can trickle down, up and around to everything else that is important to the USA as well!!!!
Our government is giving always the USA with debt and in security, it leaving all the doors unlocked too!
In my opinion tolerance and complacency of this type of access is criminal, just criminal!
For the easy freedom of access of information, we are giving up all our security. These institutions need to close the doors, the gates and "internet access."
If these intuitions would be so bothered and force to use a physical means of transportation important secure information, the manner it uses to be, yes it would be slower, but billions and billions of our technical\information assets would not be lost each year!
I was speaking to person the other day in Brazil and the company TAM could not process any of their flights, do to all the computers being shut down.
Now just imagine of in the USA, our Infrastructure gets shut down, our Banks, ATMs, Communications and more!!!!
.............................
Science sees no further than what it can sense.
Religion sees beyond the senses.
This wouldn't have happened if NASA kept their ISS passcode scribbled on a post-it note in a drawer like normal people do.
Yeah and many many groups such as google, the government, etc are preparing the for the day when cars drive us. Now these cars are all connected by GPS, WiFI, etc and I can just see Chinese hackers hacking into the network that controls the cars and telling every car to speed up the the limit and crash into all the other cars and basically kill most every American in a single stroke.
It won't be Skynet that attacks us but hackers that take control of our automated systems.
Thats why I don't trust anything that is run by an automated system, hey NASA idea for you, keep those computers on a closed network, and encrypt the hell out of all ISS communications, its not that difficult for to communicate if those keys are safe.
Maybe the next BLACK plague for humanity will be when an extreme solar flare occurs and technology is fried. We modern intelligent humans all will find ourselves helpless.
We are all so dependent upon our technology and we are can see the warning signs as the hackers mess with our lives.
You best have a month supplies in the closet of can goods and water...
.............................
Science sees no further than what it can sense.
Religion sees beyond the senses.
@Robot
I've been discussing what would happen when/if the worlds tech fried. I'm sure a vast majority would have no clue what to do with themselves if it happened, much less how to get food. If it lasted for any length of time past a month, then I don't know if we would recover anytime soon. Anything under that month would be recoverable but, it would likely take years.
Geawiel,
I agree completely with all you said, which is why I said it be equal to the black plague. This is why I store food for a month. Beyond an electronic fried world and a month, I be fighting for life then.
.............................
Science sees no further than what it can sense.
Religion sees beyond the senses.
The point is, they were hacked successfully and access gained to key systems. However surely encryption of mobile devices is bread and butter stuff for agency security!!! How short sighted could they be to expect that no-one is going to lose their laptop, smart phone etc. They should have in place encryption systems for mobile devices!!
This really sucks for the US, no, scratch that, if they had kept their NASA plans a secret and secure, we wouldn't have this problem.
So the Government continues to lose secrets/data/information CONTROL!!! When will they realize its a problem? Good thing the cold war never have the technology of today
“When Ignorance lurks, so too do the frontiers of discovery and imagination”
― Neil deGrasse Tyson