NASA is basically trying to get hacked
In 1999, a 15-year-old who called himself “c0mrade” hacked his way into NASA’s computers and stole $1.7 million worth of software that controlled the International Space Station. For his misdeeds, the teen was sentenced to six months in jail and was ordered to write a letter to the head of NASA saying he was sorry, as well as a similar letter to the Secretary of Defense (he also hacked the Pentagon). According to a pair of reports issued this week by NASA’s Inspector General, the 2018 version of c0mrade would have a pretty damn easy time of worming his hormonal way into NASA, too.
One report focused on the agency’s Securities and Operations Center (SOC), which is based in Ames, Iowa and is meant to serve as NASA’s “cybersecurity nerve center.” It found that after ten years of existence, NASA hadn’t given its SOC much to really do, and even if it had, the SOC hadn’t developed the necessary tools to handle cybersecurity threats.
The second report audits the security of NASA’s supply chain and inadvertently points out the inherent weaknesses of the Trump administration’s vision for our space program — which involves essentially turning NASA into a company that buys and sells goods within the market of space. Per the Inspector General’s report:
NASA’s risk assessment process, when followed, often consists of a cursory review of public information obtained from Internet searches or unverified assertions from manufacturers or suppliers that the IT and communications products or services being acquired do not pose a risk of cyber-espionage or sabotage. Further, we found NASA does not consistently coordinate with the FBI in its review process. In addition, contrary to best practices the Agency’s supply chain risk management practices do not require testing of IT and communication products to determine their authenticity and vulnerability to cyber-espionage or sabotage prior to their acquisition and deployment. Moreover, Agency policy excludes specific IT systems and flight hardware, such as equipment operated on the International Space Station, from risk assessment requirements.
In other words, just like you and me, when NASA buys a piece of technology it just googles around to see whether or not it’s got some sketchy shit in it that’s going to steal all of our data, or it just asks the person who’s selling the thing whether or not it’s legit. But unlike you and me, NASA launches motherfucking rockets into motherfucking space. In the coming years, NASA will send humans to the Moon again, and soon enough, to Mars. When you’re putting people in outer space, you should probably triple-check to make sure that every piece of equipment involved with that endeavor is 100 percent legit and not vulnerable to hacking, otherwise very, very, very bad things could happen.