NASA's Jet Propulsion Laboratory (JPL) uses some of the most advanced technologies in the world, including Martian rovers and space telescopes. However, it was a relatively simple consumer technology that allowed hackers to enter its network and steal data. According to a report from the Office of the US General Inspector (OIG), someone connected an unauthorized Raspberry Pi JPL, which allows hackers to enter the systems.
The full federal review of JPL systems was created following an incident that occurred in April 2018 when a person at JPL linked the Raspberry Pi to the network there for an unknown purpose. This small computer had an unfiltered connection to the Internet, acting as a beacon for hackers. It was apparently simple for unknown assailants to enter systems connected to the same network as the Raspberry Pi.
While inside the JPL network, hackers allegedly stole about 500 MB of manned flight data. If they were only a few jokers on the Internet, these data would not be very useful. If, however, they represented an adversarial country, the data could be extremely useful. This would be pretty serious, but the BIG review has deepened and revealed other issues related to how JPL manages its networks.
After ransacking the JPL computers, the attackers found a deeper route into the JPL network. They were able to access sensitive systems like the Deep Space Network, a set of radio antennas that NASA uses to communicate with distant spacecraft. The security breach was so serious that Johnson Space Center officials decided to disconnect from the JPL network to protect projects such as the Orion crewed multi-purpose vehicle and the International Space Station. Johnson remained disconnected from the JPL until November 2018, but some connections are still restricted.
The Office of the Inspector General stresses the shared nature of its network. A properly segmented network would have prevented attackers from setting up in other systems and threatening air operations. The system used by JPL to track network hardware is apparently incomplete and poorly maintained. Network administrators even admitted that they did not regularly check the list of new devices.
NASA and JPL are committed to resolving the issues outlined in the report, and the BIG will be back on track to make sure this happens. We can not take risks with major projects like the Artemis program.