In this article we will learn about Interplanetary Hacking: How the Space Industry Mitigates Cyberthreats.
Section 1. Introduction to Interplanetary Hacking
Space exploration has greatly benefited from the technological development of our modern civilization. Although the recent news of finding water on Mars or detecting blue skies on Pluto still excites us, the use of space is already a reality. Today’s society relies on space-based infrastructure and communication systems for many aspects of our daily lives, including GPS and the Internet. Thanks to recent technological innovations, such space systems exist as a network of complex computers running sophisticated operating systems.
Data collected through space-based devices attracts digital criminals. Although the US National Aeronautics and Space Administration (NASA), along with other space agencies around the world, are making significant efforts to protect their computers from the loss of sensitive data and service disruptions, the space community continues to suffer from an increasing number of cyber attacks. Media channels continuously report successful cyber-attacks, where skilled hackers break into space systems and search confidential files in order to obtain information about extraterrestrial life forms, take control of spaceships or hijack satellite services.
This article will address the challenges of space cybersecurity by analyzing NASA’s information security vulnerabilities (Part 2), describing major information security incidents related to space exploration (Part 3), and discussing policies designed to prevent hacking of space systems (Part 4 ). Finally, a conclusion is drawn (Section 5).
Section 2. NASA Cybersecurity Vulnerabilities
There are currently more than a thousand functional satellites orbiting the Earth in space, supporting telecommunications, banking and forecasting systems. Unauthorized access to such systems can thus have a significant impact on business and transport activities.
In the US, NASA is a target for hackers because it owns more than 550 information systems that perform basic operations such as controlling spacecraft, collecting and processing scientific data, and collaborating with other space agencies around the world.
In 2012, NASA released a report that examined the agency’s information security. The report highlighted five issues related to the protection of NASA’s information systems, namely: (1) lack of full awareness of the state of IT security across the agency, (2) deficiencies in implementing a continuous monitoring approach to IT security, (3) slow pace of encryption for NASA laptops and other mobile devices, (4) issues related to the ability to counter sophisticated cyber attacks, and (5) issues related to the transition to cloud computing[Interplanetary Hacking].
It is worth noting that every year the US Congress issues a report that reflects how US federal agencies, including NASA, are implementing the Federal Information Security Management Act. The report also lists information security incidents and demonstrates cybersecurity measures. According to the report, agency CFOs experienced more than 67,000 information security incidents in 2014. NASA has been responsible for over 15,000 attacks and has become the agency most targeted by hackers.
The report suggests that the number of cyber attacks against NASA is increasing rapidly. For example, in 2010 and 2011, NASA reported only 5,408 incidents that led to the installation of malicious software or unauthorized access to its systems, while in 2014 – three times as many.
According to the report, the top three categories of NASA cyber incidents in 2014 were:
- Others (12,017 incidents). This category includes a number of low-frequency types of information security incidents, including unconfirmed third-party notifications, port scans, and failed brute force attempts. The category also includes reported incidents of unknown cause.
- Malicious code (1,226 incidents). This category reflects successful installations and launches of malware that were not identified and cleaned up by preventative tools such as antivirus software.
- Social engineering (1,185 incidents). This category includes attempts to lure users into downloading malware-infected software or providing sensitive information through fraudulent websites.
Hacking attacks against NASA can have a wide range of consequences. Such intrusions can affect agency computers, disrupt systems, and disrupt mission operations. They can also lead to the theft and export of sensitive data collected and processed by space systems. It should be emphasized that attacks on NASA computers can have negative consequences not only for NASA operations, but also for global security and the economy.
Vulnerabilities in space systems that lead to cyber attacks are caused by a number of reasons, such as working with outdated or conventional operating software, public announcement of software updates, lack of encryption and low level of information security protection.
An analysis of cyberattacks against US government agencies suggests that the individuals behind these attacks vary widely. These people range from individuals testing their IT expertise to members of criminal hacking networks that are funded by foreign intelligence agencies.
The next section will provide a brief overview of the major cyber attacks perpetrated against space agencies around the world.
Section 3. Major Cyber Attacks Against Space Agencies
Space systems can generally be divided into three interrelated categories, namely (1) communication systems, (2) Earth-orbiting satellites and spacecraft, and (3) ground stations. Cybercriminals who manage to find vulnerabilities in only one of these categories of space systems are able to affect the other two categories.
US agencies have strained relations with Chinese hackers. NASA has experienced several Chinese attacks on information security. In 2011, Chinese hackers entered NASA’s Jet Propulsion Laboratory (JPL), a key control center, and penetrated JPL’s computer network. Since JPL operates more than 20 spacecraft that conduct space missions related to Jupiter, Mars, and Saturn, the cyber attack affected a wide range of JPL operations. The well-disclosed attack resulted in: (1) control of NASA systems; (2) uploading hacking tools; (3) theft of user credentials; and (4) editing, copying, and deleting sensitive files.
Similarly, in September 2014, Chinese hackers breached the computer network of the US National Oceanic and Atmospheric Administration (NOAA). The goal of the cyber attack was to distort operational data coming from US satellites, such as disaster planning and aviation. Targeted weather satellites orbit the earth and collect weather information, including temperature, humidity, hurricanes and cold fronts. The fact that NOAA posts data and images collected by satellites publicly on the Web and allows the information to be downloaded may have contributed significantly to the breach[Interplanetary Hacking].
In 1999, then 15-year-old computer hacker J.J., nicknamed “c0mrade”, confessed to hacking NASA’s computer network, among other cybercrimes. By getting into NASA’s network, the teenager not only caused a shutdown of NASA’s computers that manage the International Space Station, but also downloaded $1.7 million worth of NASA’s own software that regulates the temperature and humidity of the spacecraft.
In addition, the young hacker’s expertise allowed him to breach the Pentagon’s weapons computer network, intercept thousands of emails and steal employee credentials. The boy was jailed for six months in a detention facility and became the first juvenile convicted of computer crimes. At the age of 25, J.J. committed suicide, which was motivated by a series of accusations of hacking computer systems.
Also read about Interplanetary Hacking:Everything you need to know about Ethical Hacking as a Career by Blackhat Pakistan 2023
In 2002, British systems operator GM was accused of committing one of the largest military computer hacks in history. The hacker claims that his goal was to obtain information about the existence of extraterrestrial visits. He was convinced that NASA was hiding evidence of UFO activity. To find out the truth, G.M. hacked the network of 97 NASA computers. According to US authorities, the hacker: (1) accessed, downloaded and deleted important files and employee credentials; (2) shut down 2,000 computers; and (3) the crippled delivery of supplies to the US Navy’s Atlantic Fleet. The damage caused by the hacker was estimated at $700,000.
Various anecdotal sources claim that G.M. discovered evidence of the existence of UFOs, including a list of extraterrestrial military officers and a photograph showing an unusual cigar-shaped object suspended in mid-air. The techno geek said that during the hijacking he “found a list of officers’ names under the heading Non-Terrestrial Officers. (…) It does not mean little green men. What I think it means is not earthly. I found a list of ‘transfers between fleets’ and a list of ship names. I looked at them. They were not US Navy ships. What I saw made me believe they had some kind of spaceship off the planet[Interplanetary Hacking].”
US agencies are not the only targets of space hackers. In early 2012, the Japan Aerospace Exploration Agency (JAXA) discovered that their computers had been contaminated by a virus that leaked information stored on the network. The data that was compromised during the hijacking includes system logins, emails and operational information. Similarly, in 2014, the German Aerospace Center, which plans, manages and implements Germany’s space programs and rocket technology, suffered an espionage attack that infiltrated several computers on the network with spyware and self-destructing malware.
Section 4. Measures to Prevent Cyber Attacks
Satellites managed by various space agencies are the target of cyber-attacks that are first launched at ground stations and later escalated to satellites. Addressing security concerns, space agencies around the world have taken a number of initiatives to prevent potential cyber attacks.
US agencies have launched actions aimed at mitigating the potential risk of cyber attacks, protecting computer networks and preventing unauthorized access to confidential information. NASA’s efforts include preventing malware, mitigating breaches, and shaping the cybersecurity environment. NASA’s total spending on IT security was $102 million in 2014.
To counter the growing threat of cyberwarfare, the established U.S. cybersecurity framework requires agencies to implement three key elements of information security, namely (1) continuous information security monitoring, (2) strong authentication, and (3) a trusted Internet. connection traffic. In addition, the US administration is deploying an intrusion detection and prevention system called Einstein, which provides “agencies with an early warning system and better situational awareness of emerging threats[Interplanetary Hacking].”
The European Space Agency (ESA) is also emphasizing its efforts to establish an effective cybersecurity program. ESA emphasizes the need to protect the growing number of space facilities and related installations on earth from potential cyber threats. ESA’s ongoing activities include risk management solutions aimed at (1) raising public awareness of sensitive data protection, (2) conducting research aimed at mitigating computer viruses that infect standalone devices, (3) investing in new prevention technologies, (4) ) ) creating cybercrime research and innovation programs, (5) improving private-public partnerships on Internet cyber threats, and so on.
Similarly, Russia plans to modernize its satellite communications systems used by the Russian Ministry of Defense and the Russian Federal Space Agency by 2025.
Section 5. Conclusion
Addressing the ever-increasing cyber threat is becoming a priority for military and civilian agencies around the world. As technology advances, more aspects of our modern lives depend on sophisticated digital systems, especially space satellites that manage globally connected services, including GPS signals and the Internet. Protecting space systems is a critical concern of NASA, ESA and other space agencies around the world.
The information security incidents discussed in this article show that space agencies are still vulnerable to hackers.
- Cyber Security and IT Infrastructure Protection By John R. Vacca