Interplanetary Hacking: How the Space Industry Mitigates Cyberthreats
Editor’s note: Rasa Juzenaite also contributed to this article.
Section 1. Introduction
The exploration of space has benefited greatly from the technological development of our modern civilization. Although recent reports about finding water on Mars or detecting blue skies on Pluto still cause us excitement, space exploitation is already a fact. Contemporary society relies on infrastructures and communication systems set up in space for many aspects of our everyday life, including GPS and the Internet. Sustained by recent technological innovation, such space systems exist as a network of complex computers that are running sophisticated operational systems.
The data collected through space-based facilities attracts digital criminals. Even though the U.S. National Aeronautics and Space Administration (NASA), together with other space agencies worldwide, puts significant effort into protecting its computers against the loss of sensitive data and the disruption of operations, the space community still suffers from a growing number of cyber-attacks. Media channels regularly report successful cyber-attacks in which skilled hackers break into space systems and search confidential files in order to obtain information about non-earth life forms, take over control of spaceships, or hijack satellite services.
This article will address the challenges of space cyber security by analyzing the information security vulnerabilities of NASA (Section 2), describing major information security incidents related to space investigation (Section 3), and discussing policies designed to prevent hacking of space systems (Section 4). Finally, a conclusion is drawn (Section 5).
Section 2. NASA cyber security vulnerabilities
Currently, more than a thousand operational satellites, which support telecommunications, banking, and weather forecasting systems, are orbiting the earth. Thus, unauthorized access to such systems can have a significant effect on business and transportation activities.
In the U.S., NASA is a target for hackers because it possesses more than 550 information systems that perform essential operations, such as controlling spacecraft, gathering and processing scientific data, and cooperating with other space agencies worldwide.
In 2012, NASA released a report that examined the Agency’s information security. The report highlighted five problems related to protecting NASA’s information systems, namely: (1) a lack of full awareness of Agency-wide IT security posture, (2) shortcomings in implementing a continuous monitoring approach to IT security, (3) a slow pace of encryption for NASA laptop computers and other mobile devices, (4) problems related to the ability to combat sophisticated cyber-attacks, and (5) problems related to the transition to cloud computing.
It is worth mentioning that the U.S. Congress annually issues a report that reflects how U.S. Federal agencies, including NASA, implement the Federal Information Security Management Act. The report also indicates information security incidents and demonstrates cyber security measures. According to the report, in 2014, CFO agencies experienced more than 67,000 information security incidents. NASA accounted for over 15,000 attacks and was the agency most frequently targeted by hackers. The report indicates that the number of cyber-attacks against NASA is growing rapidly. For example, in 2010 and 2011, NASA reported only 5,408 incidents that resulted in the installation of malicious software or unauthorized access to its systems, whereas in 2014 it reported three times more.
According to the report, the three most common categories of NASA cyber incidents in 2014 were:
- Other (12,017 incidents). This category includes a number of low-frequency types of information security incidents, including unconfirmed third-party notifications, port scans, and failed brute force attempts. The category also accommodates reported incidents with an unknown cause.
- Malicious code (1,226 incidents). This category reflects successful installations and executions of malware that were not identified and cleaned by preventative tools, such as antivirus software.
- Social engineering (1,185 incidents). This category includes attempts to entice users to download malware-infected software or provide sensitive information through fraudulent websites.
The hacking attacks committed against NASA can have a broad range of consequences. Such intrusions can affect the Agency’s computers, disrupt systems, and distort mission operations. They can also result in the theft and export of sensitive data collected and processed by space systems. It should be pointed out that attacks on NASA’s computers can have negative consequences not only for NASA’s operations, but also for global security and the economy.
The vulnerabilities of space systems that lead to cyber-attacks arise for a number of reasons, e.g., working with outdated or conventional operational software, public announcement of software updates, lack of encryption, and a low level of information security protection.
The analysis of cyber-attacks directed towards U.S. governmental agencies implies that the persons behind those attacks vary significantly. Such people range from individuals testing their IT expertise to members of criminal hacker networks that are financed by foreign intelligence agencies.
The next section will provide a concise overview of the major cyber-attacks committed against space agencies worldwide.
Section 3. Major cyber-attacks against space agencies
In general, space systems can be divided into three interconnected categories, namely, (1) communication systems, (2) satellites and spacecraft orbiting the earth, and (3) ground stations. Cybercriminals who manage to find vulnerabilities in only one of those categories of space systems are able to affect the other two categories.
The U.S. agencies have a tense relationship with Chinese hackers. NASA experienced several China-based information security attacks. In 2011, Chinese hackers accessed NASA’s Jet Propulsion Laboratory (JPL), a key control center, and broke into JPL’s computer network. Since JPL controls over 20 spacecraft, which perform space missions related to Jupiter, Mars, and Saturn, the cyber-attack affected a wide range of JPL’s operations. The well-concealed attack resulted in: (1) controlling NASA systems; (2) uploading hacking tools; (3) stealing user credentials; and (4) modifying, copying, and deleting sensitive files.
Similarly, in September 2014, Chinese hackers breached the U.S. National Oceanic and Atmospheric Administration (NOAA) computer network. The cyber-attack aimed at distorting operational data coming from U.S. satellites, such as data used for disaster planning and aviation. The targeted weather satellites orbit above the earth and collect weather information, including temperature, moisture, hurricanes, and cold fronts. The fact that NOAA publishes the data and imagery collected by the satellites publicly on the Web and allows the information to be downloaded could have significantly contributed to the breach.
In 1999, J. J., then a 15-year-old computer hacker using the nickname “c0mrade”, admitted breaching the NASA computer network in addition to a number of other cyber-crimes. By accessing the NASA network, the juvenile not only caused a shutdown of the NASA computers that manage the International Space Station, but also downloaded NASA proprietary software worth $1.7 million, which regulates space ships’ temperature and humidity. In addition, the expertise of the young hacker allowed him to breach a Pentagon weapons computer network, intercept thousands of emails, and steal employees’ credentials. The boy was incarcerated for six months in a detention facility and became the first juvenile sentenced for computer crimes. At the age of 25, J. J. committed suicide, which was motivated by a number of accusations regarding intrusions into computer systems.
In 2002, a UK-based system operator, G. M., was accused of committing one of the major military computer hacks in history. The hacker claims that his aim was to obtain information about the existence of extraterrestrial visits. He was convinced that NASA hid evidence of UFO activity. In order to find the truth, G. M. breached a network of 97 NASA computers. According to U.S. authorities, the hacker: (1) accessed, downloaded, and deleted critical files and employees’ credentials; (2) shut down 2,000 computers; and (3) paralyzed supply deliveries to the U.S. Navy’s Atlantic Fleet. The damage caused by the hacker was estimated at $700,000.
Various unofficial sources claim that G. M. detected evidence of UFO existence, including a list of non-terrestrial military officers and a photo depicting an unusual cigar-shaped object hanging in the air. The techno geek stated that, during the intrusion, he “found a list of officers’ names under the heading Non-Terrestrial Officers. (…) It doesn’t mean little green men. What I think it means is not earth-based. I found a list of ‘fleet-to-fleet transfers’, and a list of ship names. I looked them up. They weren’t U.S. navy ships. What I saw made me believe they have some kind of spaceship, off-planet.”
U.S. agencies are not the only targets of space hackers. At the beginning of 2012, the Japan Aerospace Exploration Agency (JAXA) discovered that its computers were contaminated with a virus that caused a leakage of information stored on the network. The data that was compromised during the incident included system login data, emails, and operational information. Similarly, in 2014, the German Aerospace Center, which plans, manages, and implements Germany’s space programs and rocket technologies, suffered an espionage attack that infiltrated several computers in the network with spyware and self-destroying malware.
Section 4. Measures for preventing cyber attacks
Satellites managed by various space agencies are targets for cyber-attacks that are first initiated at ground stations and later escalated to satellites. To address these security challenges, space agencies worldwide have taken a number of initiatives to prevent potential cyber-attacks.
The U.S. agencies initiated actions aimed at mitigating the potential risk of cyber-attacks, protecting computer networks, and preventing unauthorized access to confidential information. The efforts being undertaken by NASA include prevention of malware, mitigation of intrusions, and shaping the cyber security environment. NASA’s total expenses for IT security were $102 million in 2014.
To tackle the growing threat of cyber warfare, the established U.S. cyber security framework requires the agencies to implement three key elements of information security, namely, (1) continuous monitoring of information security, (2) strong authentication, and (3) trusted Internet connection traffic. Moreover, the U.S. administration deploys an intrusion detection and prevention system called Einstein, which provides “agencies with an early warning system, and improved situational awareness of emerging threats.”
The European Space Agency (ESA) also highlights its efforts to establish an effective cyber security program. ESA emphasizes the need to protect a growing number of space assets and the related installations on the ground from potential cyber threats. ESA’s ongoing activities include risk management solutions aimed at (1) increasing public awareness about the protection of sensitive data, (2) conducting research on mitigation of computer viruses that are infecting standalone devices, (3) investing in new prevention technologies, (4) setting up cybercrime research and innovation programs, (5) improving private-public partnership on internet cyber threats, and so forth.
Similarly, Russia plans to upgrade its satellite communication systems, which are used by the Russian Defense Ministry and the Russian Federal Space Agency, until 2025.
Section 5. Conclusion
Tackling the growing cyber threat is becoming a priority of military and civil agencies worldwide. Due to advances in technology, more aspects of our modern lives depend on sophisticated digital systems, especially space satellites that manage globally interconnected services, including GPS signals and the Internet. The protection of space systems is a critical concern of NASA, ESA, and other space agencies around the world.
The information security incidents discussed in this article demonstrate that space agencies are still vulnerable to hackers. In addition to already implemented security measures, the international space community should address crucial aspects of cyber defense, such as raising awareness of cyber threats, assuring proper performance of systems after a cyber-attack, strengthening international cooperation, employing standardized protocols for information security incidents, and updating anti-malware software.