Mariella Moon, @mariella_moon
20th of June, 2019
NASA's Jet Propulsion Laboratory (JPL) suffers from multiple cybersecurity weaknesses despite the advances it has achieved in space technology, according to the agency's Office of Inspector General (PDF). Investigators looked into the research center's network security controls after an April 2018 security breach, wherein a Raspberry Pi that was not authorized to be linked to the JPL network was targeted by hackers. The attackers were able to steal 500 megabytes of data from one of its major mission systems, and they also used that chance to find a gateway that allowed them to go deeper into JPL's network.
Diving deeper into the system gave the hackers access to several major missions, including NASA's Deep Space Network -- its network of spacecraft communication facilities. As a result, the security teams of some sensitive programs, such as the Orion Multi-Purpose Crew Vehicle and the International Space Station, have chosen to disconnect from the agency's network.
In addition to having reduced visibility to devices connected to its network and to not keeping different parts of its network separate, investigators have also found instances of security tickets not being resolved for extended periods of time. In some cases, the tickets sat unresolved for as long as 180 days. The investigators have also noted that JPL's incident management and response practices deviate from NASA's recommendations.
The OIG recommended a fix for all those issues, and NASA agreed to all of them except one: establishing a formal threat-hunting process to find flaws before they even cause issues. It will verify if JPL follows through before closing the investigation entirely.