NASA's JPL may be able to reprogram a probe at the arse end of the solar system, but its security practices are a bit crap NASA's Jet Propulsion Lab still has "multiple IT security control weaknesses" that expose "systems and data to exploitation by cyber criminals", despite cautions earlier this year. Following up on a strongly worded letter sent in March warning that NASA as a whole was suffering cybersecurity problems, the NASA Office of the …
I imagine NASA isa fairly academic environment. Academics don't like security, don't like controls, don't want to even think about security or the possibility and don''t like anything that stops them doing what they want to do.
It makes for a very difficult and combatative environment to secure. Couple that with budgets that are cut to the bone and that makes everything more difficult.
I don't doubt Nasa cyber security guys have a tough time of it. Pint glass, coz they'll need it.
Upheld here, of referring to “Caltech’s JPL” when a spacecraft they built lands on, say, Mars, but “NASA’s JPL” when they screw up.
I don’t know whether Caltech’s contract with NASA requires identical security controls and practices to those at NASA Centers, but the picture painted by this report is reminiscent of the more science- (as opposed to engineering-) oriented Centers 10 - 15 years ago, where the spirit of inquiry led to dodgy practices like adding whatever one wanted to the network, whenever one could get away with it, in the pursuit os some scientific goal. You know, like a university.
I'm picturing a future headline: "Pranksters hijack insecure NASA space probe, flash insulting messages to alien race investigating the probe, aliens now on the way to destroy Earth"
Try something bigger: Europol and the FBI has shut down a malware C&C that was found to be hosted in the Cassini space probe. After 185 years, the space probe has been seized for forensic analysis.
I'm picturing a future headline: "Pranksters hijack insecure NASA space probe, flash insulting messages to alien race investigating the probe, aliens now on the way to destroy Earth"
Better hope the invasion fleet gets eaten by a small dog?
Trump gets away with it 'cos his country has the power. Bozzer is more scary.
When the instructions for applying a security update to your deep-space probe start with:
1) Hold down the RESET button while turning power to the Main board off for 5 seconds, then on.
2) Confirm that blue LED is blinking.
...
You know you are going to have to deal with that guy in corporate travel, and that never goes well.
Did they also hire Beelzebub and Sons (Established 4004 BC) as security consultants?
Sorry, couldn't resist. Mine's the one with the Iron Maiden CD in the pocket
NASA has always failed at securing it servers going back donkey years.
I remember a few times say 15 to 20 years ago when their servers were compromised just to host hidden FTP servers to serve up movies and pirate software. Just scanning port ranges for vulnerabilities and not even realising it was NASA until the upload/download speed and cpu specs were seen after exploitation and the resulting IP lookup showed it was their netblock.
There was nothing to block outgoing scans either so their box's made fast scanning proxies to check the rest of the net for new vulnerabilities.
The 'mostly harmless' days when just bandwidth and a bit of hard disk space borrowed with no deface. Now its all ransomware, miners and data stealing. Times have changed but NASA's security hasn't.
Hardly surprising, the Federal Government has never been able to keep their systems updated or secured. A report through Homeland Security released about Homeland Security, Dept of Education, Dept of Agriculture, Dept of Housing...and others shows the same problems with some systems that are 20 - 35 years old. https://www.hsdl.org/c/substandard-federal-cybersecurity-puts-america-at-risk/
Going dark from encryption? No from obsolete IT equipment, some still running programs written in COBOL which is hard to find programmers for.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
