back to article NASA's JPL may be able to reprogram a probe at the arse end of the solar system, but its security practices are a bit crap

NASA's Jet Propulsion Lab still has "multiple IT security control weaknesses" that expose "systems and data to exploitation by cyber criminals", despite cautions earlier this year. Following up on a strongly worded letter sent in March warning that NASA as a whole was suffering cybersecurity problems, the NASA Office of the …

  1. Neil Barnes Silver badge
    Alien

    Apparently

    Computer security just isn't rocket science!

  2. 0laf Silver badge
    Pint

    I imagine NASA isa fairly academic environment. Academics don't like security, don't like controls, don't want to even think about security or the possibility and don''t like anything that stops them doing what they want to do.

    It makes for a very difficult and combatative environment to secure. Couple that with budgets that are cut to the bone and that makes everything more difficult.

    I don't doubt Nasa cyber security guys have a tough time of it. Pint glass, coz they'll need it.

    1. The Mole

      Worse than just academics I imagine JPL is filled with specialist engineers as well who just want to get on with their job with the minimal interference - which results in unauthorized systems deployed as they are quicker to get up and running.

      1. Zarno
        Linux

        "What do you mean I need to wait 6 weeks and fill out a budget request form and support ticket???!!!! I need this system running today! Anyone have a spare PS3 with OtherOS still on it?"

    2. trindflo

      JPL is a campus environment, but the scientists I've worked with are very interested in keeping their data secure so they can publish first.

      1. brotherelf

        everything comes with a "yeah but"

        … but at the same time, they need to grant wide-ranging access to their collaboration partner in $elsewhere. And they don't know for what and for how long and won't tell you when to remove access again, the original "Do What I Mean" permissions.

  3. Joe Gurman

    A grand tradition

    Upheld here, of referring to “Caltech’s JPL” when a spacecraft they built lands on, say, Mars, but “NASA’s JPL” when they screw up.

    I don’t know whether Caltech’s contract with NASA requires identical security controls and practices to those at NASA Centers, but the picture painted by this report is reminiscent of the more science- (as opposed to engineering-) oriented Centers 10 - 15 years ago, where the spirit of inquiry led to dodgy practices like adding whatever one wanted to the network, whenever one could get away with it, in the pursuit os some scientific goal. You know, like a university.

  4. Scott 29

    Hi Corbin

    Just wanted to say hope you're holding up there. You were great to work with.

    Regards, Scott

  5. LDS Silver badge
    Alien

    Now don't tell me that Opportunity...

    ... was shutdown by a script kiddie!

    1. Anonymous Coward
      Anonymous Coward

      Re: Now don't tell me that Opportunity...

      Opportunity was never shut down. It was taken over and now it is surveying a site for the construction of a Chinese dissidents' detention centre, part of the Mars silk'n'jackboot road project.

  6. Anonymous Coward
    Anonymous Coward

    Resource

    Sounds like the resources haven't been going into Information / Cyber Security for years.. I mean it's not as if that's uncommon.. everywhere.

  7. AJames

    Pranksters trigger alien attack

    I'm picturing a future headline: "Pranksters hijack insecure NASA space probe, flash insulting messages to alien race investigating the probe, aliens now on the way to destroy Earth"

    1. sanmigueelbeer Silver badge
      Joke

      Re: Pranksters trigger alien attack

      I'm picturing a future headline: "Pranksters hijack insecure NASA space probe, flash insulting messages to alien race investigating the probe, aliens now on the way to destroy Earth"

      Try something bigger: Europol and the FBI has shut down a malware C&C that was found to be hosted in the Cassini space probe. After 185 years, the space probe has been seized for forensic analysis.

    2. Nick Kew

      Re: Pranksters trigger alien attack

      I'm picturing a future headline: "Pranksters hijack insecure NASA space probe, flash insulting messages to alien race investigating the probe, aliens now on the way to destroy Earth"

      Better hope the invasion fleet gets eaten by a small dog?

      Trump gets away with it 'cos his country has the power. Bozzer is more scary.

  8. Mike 16 Silver badge

    Problem with security updates.

    When the instructions for applying a security update to your deep-space probe start with:

    1) Hold down the RESET button while turning power to the Main board off for 5 seconds, then on.

    2) Confirm that blue LED is blinking.

    ...

    You know you are going to have to deal with that guy in corporate travel, and that never goes well.

  9. Michael H.F. Wilkinson
    Coat

    666 tickets???

    Did they also hire Beelzebub and Sons (Established 4004 BC) as security consultants?

    Sorry, couldn't resist. Mine's the one with the Iron Maiden CD in the pocket

  10. flayman

    Wow. I feel a little better about my own company knowing that even NASA has crap IT.

  11. Anonymous Coward
    Anonymous Coward

    Always bad

    NASA has always failed at securing it servers going back donkey years.

    I remember a few times say 15 to 20 years ago when their servers were compromised just to host hidden FTP servers to serve up movies and pirate software. Just scanning port ranges for vulnerabilities and not even realising it was NASA until the upload/download speed and cpu specs were seen after exploitation and the resulting IP lookup showed it was their netblock.

    There was nothing to block outgoing scans either so their box's made fast scanning proxies to check the rest of the net for new vulnerabilities.

    The 'mostly harmless' days when just bandwidth and a bit of hard disk space borrowed with no deface. Now its all ransomware, miners and data stealing. Times have changed but NASA's security hasn't.

  12. onebignerd

    Hardly surprising, the Federal Government has never been able to keep their systems updated or secured. A report through Homeland Security released about Homeland Security, Dept of Education, Dept of Agriculture, Dept of Housing...and others shows the same problems with some systems that are 20 - 35 years old. https://www.hsdl.org/c/substandard-federal-cybersecurity-puts-america-at-risk/

    Going dark from encryption? No from obsolete IT equipment, some still running programs written in COBOL which is hard to find programmers for.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021