According to a recent article published by Forbes, cyber security incidents at NASA rose by 366% in 2019, according to a report from the Office of Management and Budget, and analyzed by AtlasVPN. This all comes after a $3.1 million decrease in NASA’s cyber security budget from 2018.
There was a 638% rise in “Improper Usage” incidents. These accounted for almost 91% of the overall increase. This is even more alarming after 2018’s very public hacking at JPL, when an authorized Raspberry Pi was connected to their servers and became an entry point for hackers to access to NASA’s Deep Space Network array of radio telescopes.
I spoke with Jim Adams, former Deputy Chief Technologist for Kennedy Space Center and 30 year NASA veteran for a bit more insight.
He said when if comes to cutting cyber security budgets for any federal department it’s like “Opening a new bank and only using half of the (security) guards.” (JA)
Hackers will come up with “ever more creative ways to gain access to NASA’s system.” (JA) So OMB and Congress need to increase cyber security budgets so that they can stay ahead of the threats.’
“Lack of vigilance is a real risk,” (JA) and assuring personnel do not become complacent is vital to decreasing ‘improper usage.’ While at the same time the sprawl of NASA’s infrastructure is so large, that itself can contribute to the problem, as certain equipment becomes a liability before it can be replaced.
Assuring a robust cyber security budget would help combat even these physical problems.
But Adams warns it is not just NASA’s cyber security the public should be alarmed about. “All agencies are at risk.” (JA) Problems in one agency’s cyber security can be the canary in the coalmine for the entire system.
According to a 2012 Inspector General’s report, NASA’s “connectivity with outside organizations… such as educational institutions and research facilities – presents cybercriminals with a larger target than that of many other Governmental agencies.” ‘
And a 2018 IG report pointed to how the agency’s reliance on the Global Supply chain can “pose a significant risk as foreign-developed or manufactured technology may be counterfeit or compromised” which could unsuspectingly install malware used to steal precious IP and deliver it to our competitors. Or it could be used to access the accounts of some of the most privilege users thus giving hackers access to most of NASA’s network.