The network NASA uses to deliver telemetry ground-based tracking, data and communications services to a wide range of current and future spacecraft needs a serious bump in security technology.
That was the conclusion of the space agency’s Office of Inspector General which stated: “We found that NASA, [NASA’s Goddard Space Flight Center in Greenbelt, MD, which manages the network] failed to comply with fundamental elements of security risk management reflected in Federal and Agency policies. We believe that these deficiencies resulted from inadequate Agency oversight of the network and insufficient coordination between stakeholders. These deficiencies unnecessarily increase the network’s susceptibility to compromise.”
+More on Network World: NASA details bleeding edge communications ideas+
The OIG went on to state that NASA’s network assets are located in extreme environments such as Alaska and Antarctica, making maintenance on the aging structures more difficult. Constrained budgets have also led the Agency to defer some maintenance activities, which, on at least one occasion, has contributed to the unexpected failure of network equipment.
The Near Earth Network uses four NASA-owned ground stations, three in the United States –on the campus of the University of Alaska, in Fairbanks; on the Wallops Flight Facility (Wallops) in Virginia; and on the White Sands Complex (White Sands) in New Mexico –and one at the McMurdo Station in
Antarctica to offer services to over 40 missions with satellites in low Earth orbit (LEO), geosynchronous orbit (GEO) highly elliptical orbit, Lunar orbit and missions with multiple frequency bands.
+More on Network World: +
“At the time of our audit, NASA was expanding the network’s capacity by installing new antennas at the Kennedy Uplink Station at Kennedy Space Center and at the Ponce de Leon Ground Station in New Smyrna Beach, Florida. A portion of this new capacity will be dedicated to supporting the launch activities for the vehicles NASA intends to use to send humans into deep space –the Space Launch System (SLS) and Orion Multi-Purpose Crew Vehicle (Orion). NASA also installed a third antenna at the Fairbanks facility, which became operational in July 2014,” the OIG stated.
The problems cited by the OIG included:
- Information system connections between the network and the external entities that support its operations are not managed in accordance with Federal and NASA policy. As a result, the agency does not have sufficient visibility into the security posture of these external systems and cannot ensure the owners are able to adequately respond to or report security events.
- IT security controls, such as software that identifies malicious code, are not in place or functioning as intended.
- Due to insufficient coordination between the Network, Goddard, and NASA Office of Protective Services physical security controls have not been implemented on NASA-owned and supporting contractor facilities in accordance with Agency or Federal standards.
- Network components are at risk of unexpected failure due to their age and lack of proactive maintenance. Although the network is performing preventative maintenance on NASA-owned assets, it has not been performing or tracking depot-level maintenance on this equipment. This failure to proactively inspect and replace cables and mechanical systems that are reaching their failure point has already resulted in one unexpected breakdown and could require the network to purchase more costly commercial services in the future.
- NASA assigned a security categorization rating of “Moderate” to the Near Earth Network and did not include the network in its Critical Infrastructure Protection Program. We believe this categorization was based on flawed justifications and that the network’s exclusion from the Protection Program resulted from a lack of coordination between network stakeholders. Given the importance of the network to the success of NASA Earth science missions, the contingency support it provides for the Space Network, and the plans for it to support human space flight in the future, we believe a higher categorization rating and inclusion in the Protection Program is warranted.
The OIG said that NASA management agreed with almost all of its recommendations to fix issues with the exception of reclassifying the network completely. The OIG said that NASA’s Associate Administrator for Human Exploration and Operations and the Chief Information Officer agreed to recategorize the portion of the network that supports the SLS and Orion as a “High “system, but intend to retain the “Moderate “rating for the rest of the network because it is not critical to the operation of any NASA spacecraft or spacecraft program. We have concerns regarding this rationale. As discussed in our report, we do not believe the network operates simply as a “pass through “for communications. Rather, network components must store (albeit temporarily) and process data and commands prior to transmitting to the spacecraft. Given the importance of the network to the success of NASA Earth science missions and the launch and contingency support it provides other Federal agencies, we continue to believe the entire network should be categorized as “High,” the OIG stated.
Check out these other hot stories:
Air Force faces challenges managing drone force
DARPA: Show us how to weaponize benign technologies
Boeing’s self-cleaning aircraft bathroom lets you use loo without touching anything (mostly)
US national lab advances wireless charging for electric cars
DARPA moves ahead with radical vertical takeoff aircraft
US Marshals warn of ongoing nationwide telephone scam
Feds find $2.8 billion in data center consolidation savings – watchdog says could do better
Energy Dept. sets 9 finalists for $2.25M wave energy prize
Facebook cyberstalker gets 10 years in slammer
IRS warns of nasty W-2 phishing scheme
FTC: Imposter scams, identity theft, and debt collection top consumer grumbles