Scathing report details ten years of security issues and malpractice
An unsecure and unauthorised Raspberry Pi device has been blamed for a 2018 security breach in NASA’s Jet Propulsion Laboratory (JPL), a department plagued with cyber security vulnerabilities, according to a new report from NASA’s Office of Inspector General.
The security breach in question saw hackers target a NASA employee’s Raspberry Pi device, which wasn’t authorised to connect to the JPL’s network, and make off with 500MB of data from one of its major mission systems.
This was just one of the more recent incidents from the past ten years of “notable cyber security incidents that have compromised major segments of its IT network,” according to the report.
Back in 2011, the same department fell victim to another security breach which saw hackers gain full access to 18 servers that supported key missions, giving them read/write privileges of nearly all files, and steal 87GB of data. At the time, JPL managed 23 aircraft in active missions to Jupiter Mars and Saturn.
Across the entire organisation, 13 hacks were reported in 2011 alone with other incidents resulting in employee credentials being stolen because it failed to encrypt and protect sensitive data quickly enough, according to Paul Martin, NASA general testifying before Congress at the time.