I once had a chance to hijack the Voyager spacecraft or at least that's how it seemed. It was back in 1999 and I was in a red-brick building on an unremarkable stretch of Madre Street in Pasadena, a little outpost of NASA's Jet Propulsion Laboratory (JPL) that was home to the few lonely consoles still monitoring the twin Voyager spacecraft. Even at that point, the ships had long since completed their primary missions. Voyager 1 was 6.51 billion miles from Earth; Voyager 2 was 5.02 billion, and while they were (and indeed, still are) beaming back information about the deepest reaches of the solar system, it was hardly the kind of picture-rich data-stream that requires a full-blown mission control team to manage. So it was down to just a console or two on Madre Street, one of which was unattended and bore a bright orange sticker with the all-caps notice: "CAUTION. THIS IS A LIVE VOYAGER CONSOLE. DO NOT TOUCH."
I didn't touch and I would have hardly known what kinds of mischievous signals to send the ships even if I had. But there are plenty of people around with a decidedly more criminal bent, and these days, they've got the know-how to strike. Worse, they don't even have to go to Madre Street or any other part of NASA's vast web of control centers anymore. They can and increasingly do reach into the space agency's systems from anywhere in the world.
In detailed testimony delivered on Thursday to a House subcommittee on investigations and oversight, NASA Inspector General Paul Martin painted a disturbing picture of an agency under electronic siege, with hackers from China, Italy, the U.K., Nigeria, Portugal, Romania, Turkey, Estonia and the U.S. itself attempting increasingly brazen attacks on operations both on the ground and in space. The network controlling the space shuttles was cracked, and while those ships have since been mothballed, the International Space Station (ISS) remains a fat and floating target. In perhaps the most alarming portion of Martin's testimony, it was revealed that just under a year ago, a laptop was stolen, and on its hard drive were critical algorithms used to command the ISS.
Overall, in 2010 and 2011, there were a breathtaking 5,408 computer security incidents involving either unauthorized access to NASA systems or the insertion of malware. In 2011, there were 47 major instances of hacking, 13 of which were successful at least to the extent that they somehow affected the operation of the targeted computers. In one case, "the attackers had full, functional control over...networks," Martin said in his official statement to the committee.
Bloggers and much of the rest of the web have been all over the story, anxious as ever to pounce on any new incident of perceived NASA fecklessness. And while the report is serious, you can be pretty sure we're at no risk of seeing some basement hacker send the ISS pinwheeling into solar orbit. The systems are just too complex and redundant for that. What's more, NASA is doing a creditable job of working to contain the problem and at the same time providing a possible template for other government agencies facing cybersecurity threats of their own.
One of the main reasons for NASA's particular vulnerability to cyberattack apart from the fact that is has so many computers and is uniquely dependent on communicating with people and machines very, very far away is that is has such a multiplicity of headquarters and centers. This was by design and dates from the 1950s, when the agency was first formed.
Rather than building NASA from scratch, Washington officials simply went cherry-picking from among existing tech labs, military bases and missile sites around the country Ames in California, Canaveral in Florida, Huntsville in Alabama, Goddard in Maryland. The only major NASA center built de novo was in Houston, and that was the doing of Lyndon Johnson, who was Vice President at the time and wanted his home state to get the biggest, sweetest NASA plum of all. This kind of distributed structure did limit start-up costs and help in the dissemination of science, but it left the NASA of half a century later with a lot of weak spots in a security system that has to weave so many disparate servers and databases together.