The U.S. National Aeronautics and Space Administration (NASA) identified more than 6,000 cyber-related incidents in the last four years, according to a report published this month by NASA’s Office of Inspector General.
NASA has institutional systems, which are used for the day-to-day work of employees — these include data centers, web services, computers and networks. It also has mission systems, which support its aeronautics, space exploration and science programs — these include systems used for controlling spacecraft and processing scientific data.
The agency has more than 4,400 applications, over 15,000 mobile devices, roughly 13,000 software licenses, nearly 50,000 computers, and a whopping 39,000 Tb of data.
The audit conducted by NASA’s inspector general has revealed that while attacks on the agency’s networks are not uncommon, “attempts to steal critical information are increasing in both complexity and severity,” and the agency’s ability to detect, prevent and mitigate attacks is limited.
The cyber incidents observed over the past years — more than 1,700 were identified in 2020 — included brute-force attacks, email-related incidents, impersonation attacks, improper usage issues, loss or theft of equipment, web-based attacks, and incidents involving external or removable media.
Last year, a majority of incidents were related to improper usage, which includes installing unapproved software or accessing inappropriate materials. These types of incidents increased from 249 in 2017 to 1,103 in 2020. On the other hand, NASA also believes that the higher number of detected incidents is also a result of improved network visibility.
The report has highlighted several incidents, including a 2018 hack of NASA’s Jet Propulsion Laboratory, which resulted in hackers accessing servers and even its Deep Space Network telescopes. In the same year, someone stole roughly 500 Mb of data from a major mission system after the account of an external user was compromised.
In 2019, NASA discovered that a contract employee used its systems to mine cryptocurrency, and in the same year two Chinese nationals were indicted for allegedly hacking NASA systems and stealing data.