I once had a chance to hijack the Voyager
spacecraft — or at least that's how it seemed. It was back in 1999 and I
was in a red-brick building on an unremarkable stretch of Madre Street
in Pasadena, a little outpost of NASA's Jet Propulsion Laboratory (JPL)
that was home to the few lonely consoles still monitoring the twin
Voyager spacecraft. Even at that point, the ships had long since
completed their primary missions. Voyager 1 was 6.51 billion miles from
Earth; Voyager 2 was 5.02 billion, and while they were (and indeed,
still are) beaming back information about the deepest reaches of the
solar system, it was hardly the kind of picture-rich data-stream that
requires a full-blown mission control team to manage. So it was down to
just a console or two on Madre Street, one of which was unattended and
bore a bright orange sticker with the all-caps notice: "CAUTION. THIS IS
A LIVE VOYAGER CONSOLE. DO NOT TOUCH."
I didn't touch — and I would have hardly known what kinds of
mischievous signals to send the ships even if I had. But there are
plenty of people around with a decidedly more criminal bent, and these
days, they've got the know-how to strike. Worse, they don't even have to
go to Madre Street or any other part of NASA's vast web of control
centers anymore. They can — and increasingly do — reach into the space
agency's systems from anywhere in the world.
(MORE: The Space Station: Will NASA Abandon Ship?)
In
detailed testimony delivered on Thursday to a House subcommittee on
investigations and oversight, NASA Inspector General Paul Martin painted
a disturbing picture of an agency under electronic siege, with hackers
from China, Italy, the U.K., Nigeria, Portugal, Romania, Turkey, Estonia
and the U.S. itself attempting increasingly brazen attacks on
operations both on the ground and in space. The network controlling the
space shuttles was cracked, and while those ships have since been
mothballed, the International Space Station (ISS) remains a fat and
floating target. In perhaps the most alarming portion of Martin's
testimony, it was revealed that just under a year ago, a laptop was
stolen, and on its hard drive were critical algorithms used to command
the ISS.
Overall, in 2010 and 2011, there were a breathtaking 5,408
computer security incidents involving either unauthorized access to NASA
systems or the insertion of malware. In 2011, there were 47 major
instances of hacking, 13 of which were successful — at least to the
extent that they somehow affected the operation of the targeted
computers. In one case, "the attackers had full, functional control
over...networks," Martin said in his official statement to the
committee.
Bloggers and much of the rest of the web have been all over the
story, anxious as ever to pounce on any new incident of perceived NASA
fecklessness. And while the report is serious, you can be pretty sure
we're at no risk of seeing some basement hacker send the ISS pinwheeling
into solar orbit. The systems are just too complex and redundant for
that. What's more, NASA is doing a creditable job of working to contain
the problem — and at the same time providing a possible template for
other government agencies facing cybersecurity threats of their own.
(PHOTOS: Iconic Images of the Earth from Space)
One
of the main reasons for NASA's particular vulnerability to cyberattack —
apart from the fact that is has so many computers and is uniquely
dependent on communicating with people and machines very, very far away —
is that is has such a multiplicity of headquarters and centers. This
was by design and dates from the 1950s, when the agency was first
formed.
Rather than building NASA from scratch, Washington officials
simply went cherry-picking from among existing tech labs, military bases
and missile sites around the country — Ames in California, Canaveral in
Florida, Huntsville in Alabama, Goddard in Maryland. The only major
NASA center built de novo was in Houston, and that was the doing of
Lyndon Johnson, who was Vice President at the time and wanted his home
state to get the biggest, sweetest NASA plum of all. This kind of
distributed structure did limit start-up costs and help in the
dissemination of science, but it left the NASA of half a century later
with a lot of weak spots in a security system that has to weave so many
disparate servers and databases together.