During a recent Senate hearing, top NASA officials admitted that it is "incredibly difficult to keep NASA's defenses up." Here's why.      

Who is targeting NASA?

During his testimony before Congress, NASA Inspector General Paul Martin made it clear that there are a number of nation-states as well as domestic actors who are actively attempting to penetrate the space agency's networks. However, when pressed to name specific countries, Martin noted that China in particular has attempted to steal NASA data as well as intellectual property and PPI.

In Martin's words: "NASA is taking steps to secure its intellectual property and its networks from attacks both from China and from a series of other countries and also local hackers. We have conducted a series of criminal investigations, and we work with the FBI and counterintelligence officials when we get leads on these issues."

Furthermore, the Justice Department has recently moved to indict three Iranian hackers on charges of hacking into several US space and satellite companies. Significantly, the Justice Department alleges that the hacks were conducted on behalf of Iran's Islamic Revolutionary Guard Corps (a paramilitary group that the US has designated as a terrorist organization).

Why is NASA being targeted?

From what we can gather, the attackers are not interested in sabotaging NASA missions or projects. They're rather looking to obtain access to NASA's IP and technology data as well as sensitive PPI:

"NASA has vast troves of intellectual information capital that it has spent decades amassing. I think country actors are after that information, the innovations that NASA is so famous for around the world," said Martin. "There is everything from PII [personally identifiable information], contractual data on the systems, so there is a vast and wide array."

How is NASA being targeted?

As we've seen with most recent large profile attacks, like the recently foiled plan to hack Tesla, the hackers are focusing their efforts on social engineering tactics. Martin noted that 'work from home' measures that have been put in place due to COVID has forced NASA to manage a wide array of private devices and networks that can be nearly impossible to secure.

For example, before the pandemic, an average of 12,000 employees attempted to connect to NASA's VPN each day. Now, that number has risen to over 40,000.

In addition, it is simply the current state of cybersecurity that the easiest way into most protected systems is through its people, not its tech. As NASA's acting Chief Information Officer Jeff Seaton testified:

"We have seen an increase in phishing attacks and at the lower level some other attacks," Seaton said. "When it comes down to it, you and I are the most vulnerable parts of our IT environment, the people, so we tried to put in place automated controls to make that easier for our employees, and have seen significant improvements in phishing protections over the last two years."

To learn more about how to keep your organization protected while working remotely, check out Silent Breach's Cybersecurity Survival Guide to Remote Working.