Editor’s Note: A Best Practices case study examining NASA Earth Observing System’s continuous monitoring practices may be found here.
From: TPM
Carl Franzen
NASA’s cybersecurity measures are improving, but the agency still has some gaping holes, according to a new report published in-part on Tuesday by NASA’s Office of Inspector General (OIG).
Specifically, the report finds that NASA has increased its ability to detect and respond to “increasingly sophisticated cyber attacks,” but that NASA’s cybersecurity program doesn’t actually monitor all of NASA’s own networks and isn’t prepared to fend-off sophisticated hackers.
The NASA OIG gave NASA suggestions on how to further beef-up its cybersecurity, which it says the agency responded to and is acting upon, but exactly what these suggestions were and what NASA is doing about them isn’t yet known. The report wasn’t published in full because it “includes material NASA considers sensitive but unclassified information which, if distributed widely, could pose a security threat to NASA computer systems,” according to the NASA OIG.
Still, the report does include new details on how NASA’s cyber security efforts are proceeding.
The NASA division in charge of cybersecurity, known as the Security Operations Center (SOC), was created in 2008 to coordinate all of NASA’s cybersecurity efforts and bolster the agency’s defenses. In 2011, the SOC reported “1,867 cybersecurity incidents” on NASA computers and networks.
NASA’s IT security has been notoriously lax, reportedly due to turf wars between the agency’s Chief Information Officer, Linda Y. Cureton, and NASA’s numerous individual mission directors and directorates.
The new report by gives the SOC credit for putting in place at NASA some common-sense but sorely-needed IT security practices, “including weekly conference calls and security bulletins” which the report says “were effective for sharing security incident and threat information.”
However, the report also states that NASA’s current method of having staff at each of NASA’s cyber networks responsible for its own cyber threat monitoring does “not provide the centralized continuous monitoring coverage,” that is needed.
As such, NASA still remains vulnerable to a type of attack known as an “advanced persistent threat,” which refers to those attacks perpetrated against specific targets over extended periods of time by sophisticated hackers.
The Stuxnet and Flame malware variants found on computers in the Middle East (which were attributed to a joint U.S. and Israeli espionage effort) are examples of advanced persistent threats. These type of attacks also may lead to other types of malware being installed on infected machines, information being stolen, and systems being tampered with.
As the NASA OIG report explains: “Even after the target organization addresses the vulnerability that permitted the attack to succeed, the attacker may covertly maintain a foothold inside the target’s system for future exploits. The increasing frequency of [advanced persistent threats] heightens the risk that key [NASA] Agency networks may be breached and sensitive data stolen.”
Notable breaches and lapses of NASA cyber security have occurred in the past several years: Four Romanian suspects have been arrested since 2005 for allegedly hacking into NASA computer systems, the latest, a hacker known as “Tinkode,” was picked up in January 2012 for “illegally accessing numerous systems belonging to NASA, the Pentagon, the Romanian government.” As the NASA OIG explained in its semi-annual report to Congress filed in March:
“Tinkode claimed to have hacked web servers belonging to NASA and the U.S. Army, posting ‘proof’ of his activities to his blog and YouTube. Prior to his arrest in January, Tinkode had eluded law enforcement authorities for years. In 2010, Tinkode hacked into the websites of the British Royal Navy and the European Space Agency by exploiting a variety of IT security vulnerabilities.”
Two U.S. satellites, the Landsat-7 and the Terra AM, were also reportedly hacked two times each between 2007 and 2009, according to a separate report by Congressional advisory panel that was leaked in October 2011. NASA later confirmed to TPM that “suspicious events” affected the Terra AM satellite.
Regarding the Landsat-7 satellite, a NASA scientist recently told TPM: “We were not impacted by that incident. That was a very short incident with negligible consequences to the research community.”
NASA’s Inspector General also noted in March that 48 NASA laptops had been stolen between 2009 and 2011, including one that contained control codes to the International Space Station.
Leave a Reply