A Rotten Raspberry Pi Was Used In Cyberattack On NASA’s JPL Network
Houston, we have a security issue (you thought we were going to say "problem," didn't you?). Actually, NASA's Jet Propulsion Laboratory (JPL) has several security issues, according to an audit by the Office of Inspector General. Among other things, an examination of JPL's network security controls found that the division was the target of a cyberattack in April 2018, in which hackers exploited a Raspberry Pi computer to gain access to the network.
Simply put, "the device should not have been permitted on the JPL network without the JPL Office of the Chief Information Officer's (OCIO) review and approval," the report states. Nevertheless, hackers leveraged a vulnerable Raspberry Pi to swipe 500 megabytes of data from one of the network's major mission systems, and ultimately dive deeper into the network.
"The cyberattacker from the April 2018 incident exploited the JPL network’s lack of segmentation to
move between various systems connected to the gateway, including multiple JPL mission operations and
the DSN. As a result, in May 2018 IT security officials from the Johnson Space Center (Johnson), which
handles such programs as the Orion Multi-Purpose Crew Vehicle and International Space Station,
elected to temporarily disconnect from the gateway due to security concerns," the report states.
Dozens of Johnson officials noted concerns that cyberattackers could move laterally from the gateway into the mission systems, potentially granting hackers access to places they are not permitted. Should that happen, hackers would then be able to initiate malicious signals to human space flight missions that use those systems.
It's not just vulnerabilities in hardware that the report shined a light on, it also found "significant deficiencies" in JPL's event monitoring and security controls.
"We reviewed the 8 system security plans associated with the 13 systems we judgmentally sampled and
found significant deficiencies. Specifically, these plans had a total of 5,406 unresolved Security Problem Logs (SPLs)—about
86 percent of which were rated high or critical—and four plans contained 666 open SPLs with critical
vulnerabilities," the report states.
In one instance, JPL failed to address a known security vulnerability that was first identified in 2017, with a critical score of 7 out of 10. That particular flaw that went ignored could be used by cyberattackers to remotely launch a ransomware attack, whereby data is encrypted and held for ransom.
The report highlights several poor security practices that you would not expect to exist at NASA. It concludes with recommended fixes for the various security issues, all but one of which NASA has committed to implementing, that being the establishment of a formal threat-hunting process.
