Nasa disclosed that a tiny Raspberry Pi computer was used in order to breach the agency's Jet Propulsion Laboratory (JPL) in 2018, with 500MB of data related to major mission systems to be stolen.
JPL’s information technology (IT) systems maintain a wide public internet presence while supporting missions and networks that control spacecraft, collect and process scientific data, and perform critical operations.
The US Office of the Inspector General (OIG) posted a report on the effectiveness of JPL’s network security controls for externally facing applications and systems.
A series of weaknesses in JPL’s system of security controls were identified, that collectively diminish its ability to effectively prevent, detect, and mitigate cyberattacks targeting its IT systems and networks.
Several of these weaknesses were exploited during an April 2018 security breach, when a Raspberry Pi was used to gain access to the system.
The report revealed that over the past 10 years, JPL has experienced several notable cybersecurity incidents that have compromised major segments of its IT network. For example, in 2011 cyber intruders gained full access to 18 servers supporting key JPL missions and stole 87 gigabytes of data. More recently, in April 2018 JPL discovered an account belonging to an external user had been compromised and used to steal approximately 500 megabytes of data from one of its major mission systems.
JPL uses a web-based application known as the Information Technology Security Database (ITSDB) to track and manage physical assets and applications on its network. JPL policy requires all network-capable devices be listed in the database. The ITSDB is JPL’s authoritative source for hardware and software inventories used to support certification, accreditation, and authorizations of JPL systems; make risk-based decisions; and ensure individual system components receive the appropriate security controls. Only IT resources registered in the database and approved by the JPL OCIO are permitted to access JPL’s internal network. To add a property item into the ITSDB, a system administrator must request a tag number from a JPL assets representative.
The report unveiled that system administrators did not consistently update the inventory system when they added devices to the network. Consequently, assets could be added to the network without being properly identified and vetted by security officials.
The April 2018 cyberattack exploited this particular weakness when the hacker accessed the JPL network by targeting a Raspberry Pi computer that was not authorized to be attached to the JPL network. The device should not have been permitted on the JPL network without the JPL OCIO’s review and approval.
Upon discovering this weak point, hackers exploited the Pi to gain access to the network and compromised JPL systems as well as the Deep Space Network (DSN) — the world’s largest and most sensitive scientific telecommunications system.
The report includes a series of recommendations to JPL in order to fortify its network from external cyber threats.
Mars 2020 Rover Gets Its Wheels
In related news, JPL is continuing the preparations for the Mars 2020 mission, which will launch from Cape Canaveral Air Force Station in Florida in July of 2020. It will land at Jezero Crater on Feb. 18, 2021.
JPL is building and will manage operations of the Mars 2020 rover for the NASA Science Mission Directorate at the agency's headquarters in Washington.
Earler this month, engineers at NASA's Jet Propulsion Laboratory in Pasadena, California, installed the starboard legs and wheels - otherwise known as the mobility suspension - on the Mars 2020 rover. They installed the port suspension later that day.
"Now that's a Mars rover," said David Gruel, the Mars 2020 assembly, test, and launch operations manager at JPL. "With the suspension on, not only does it look like a rover, but we have almost all our big-ticket items for integration in our rearview mirror - if our rover had one."
Within the next few weeks, the team expects to install the vehicle's robotic arm, the mast-mounted SuperCam instrument and the Sample Caching System, which includes 17 separate motors and will collect samples of Martian rock and soil that will be returned to Earth by a future mission.
Both of the rover's legs (the starboard leg's black tubing can be seen above the wheels) are composed of titanium tubing formed with the same process used to make high-end bicycle frames. The wheels in this picture are engineering models and will not make the trip to Mars. They will be swapped out for flight models of the wheels sometime next year.
Made of aluminum, each of the six wheels (each 20.7 inches, or 52.5 centimeters, in diameter) features 48 grousers, or cleats, machined into its surface to provide excellent traction both in soft sand and on hard rocks. Every wheel has its own motor. The two front and two rear wheels also have individual steering motors that enable the vehicle to turn a full 360 degrees in place.
When driving over uneven terrain, the suspension system - called a "rocker-bogie" system due to its multiple pivot points and struts -maintains a relatively constant weight on each wheel and minimizes rover tilt for stability. Rover drivers avoid terrain that would cause a tilt of more than 30 degrees, but even so, the rover can withstand a 45-degree tilt in any direction without tipping over. With its suspension, the rover can also roll over rocks and other obstacles as well as through depressions the size of its wheels.
Charged with returning astronauts to the Moon by 2024, NASA's Artemis lunar exploration plan will establish a sustained human presence on and around the Moon by 2028. Nasa will use the experience gained on the Moon to prepare to send astronauts to Mars.