NASA CIO Misses Little Things That Could Cause Big Problems

By Keith Cowing
June 24, 2019
Raspberry Pi used to steal data from Nasa lab, BBC
“An audit report reveals the gadget was used to take about 500MB of data. It said two of the files that were taken dealt with the international transfer of restricted military and space technology. The attacker who used the device to hack the network went undetected for about 10 months. The malicious hacker won access to the Jet Propulsion Lab internal network via the Raspberry Pi by hijacking its user account. Although the Pi had been attached to the network by the employee, lax controls over logging meant Nasa administrators did not know it was present, said the report. This oversight left the vulnerable device unmonitored on the network, allowing the attacker to take control of it and use it to steal data.”
NASA OIG Finds Pervasive Problems With JPL Cybersecurity, earlier post
“Multiple IT security control weaknesses reduce JPL’s ability to prevent, detect, and mitigate attacks targeting its systems and networks, thereby exposing NASA systems and data to exploitation by cyber criminals.”
Report: “JPL did not have complete and accurate information about the types, location, and value of NASA system components and assets connected to its network. … The April 2018 cyberattack exploited this particular weakness when the hacker accessed the JPL network by targeting a Raspberry Pi computer that was not authorized to be attached to the JPL network. The device should not have been permitted on the JPL network without the JPL OCIO’s review and approval.”
NASA Needs A New Chief Information Officer, earlier post
“NASA’s CIO has been asleep at the wheel for years. It’s time for a reboot.”

