NASA has revealed it discovered a security breach that allowed hackers to steal 500MB of data related to ‘major mission systems.’ The incident was discovered in April 2018 by NASA’s Jet Propulsion Laboratory, which found that an external user’s account had been compromised, enabling the hacker to access the JPL network with a Raspberry Pi computer.
The security breach was disclosed by the NASA Inspector General Office of Audits in a report (PDF) published on June 18, 2019. The audit examines the Jet Propulsion Laboratory’s cybersecurity, including past incidents. In addition to mentioning the agency’s 2011 security breach in which 87GB of data was stolen, the report discloses data theft that was discovered in April 2018.
The report explains that NASA JPL utilizes a web app called Information Technology Security Database (ITSDB) for tracking and managing its network applications and physical assets. The JPL internal network is only accessible to ‘IT resources’ that have been registered in this database and approved by the lab.
According to NASA, when the team receives a new equipment notification, line managers are given 30 days to assign the new property to system security plans and to ‘implement required security controls.’ During the investigation, and among other security issues, officials found that:
…system administrators did not consistently update the inventory system when they added devices to the network. Specifically, we found that 8 of 11 system administrators responsible for managing the 13 systems in our sample maintain a separate inventory spreadsheet of their systems from which they periodically update the information manually in the ITSDB. One system administrator told us he does not regularly enter new devices into the ITSDB as required because the database’s updating function sometimes does not work and he later forgets to enter the asset information. Consequently, assets can be added to the network without being properly identified and vetted by security officials.
The April 2018 hack was a direct consequence of that, the report reveals. A Raspberry Pi that wasn’t authorized for the JPL network was able to access it and steal data. Following the security breach discovery, NASA’s Johnson Space Center temporarily disconnected from the gateway to protect its own network.
Johnson Space Center’s decision was prompted, the report states, by fears that hackers could ‘move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems.’ The connection was restored around seven months later. By March 2019, however, Johnson Space Center still had not fully restored its use of all deep space network communications data due to ‘continuing concerns about its reliability.’