Skip to content

Unidentified Hacking Objects

March 31, 2011

Earlier this week, I blogged about Vanity Fair’s extensive (and excellent) piece on Stuxnet.  Of course, as we all know by now, Stuxnet’s payload is designed to attack a significant weakness: dedicated technologies in the energy industry.  Now, as we find out in a report (703KB, PDF format) from the Office of the Inspector General (OIG) at NASA, a similar vulnerability may exist on systems that are used to control satellites and other spacecraft, potentially rendering them unusable.

There are some similarities between equipment used in the energy industry, and equipment used by NASA:

  • There’s a lot of remotely-accessible stuff out there (either TCP/IP-enabled, or remotely controlled by systems that touch IP-enabled networks), whether it’s a programmable logic controller in a power distribution substation, or a transponder circuit or station keeping system on an orbiting satellite.
  • Much of the technology used in both industries was not designed with the thought of security foremost in the minds of the engineers.  This isn’t meant to disparage real-time equipment engineers; no doubt that the focus has generally been on functionality and (especially in the case of spacecraft and other orbital equipment) efficiency of power and space utilization.
  • Off-the-shelf OS’s, applications, and other technologies are used to control dedicated hardware.

This kind of problem is not good for NASA, for obvious reasons; while the report (understandably) didn’t get into the details of specific missions that could have been directly compromised by the vulnerabilities (International Space Station? Hubble? MESSENGER, which is currently sending us all those cool pictures of the surface of Mercury?).  The OIG should be commended for disclosing this potentially damaging information, but more importantly, how did it happen in the first place?  Well, as you might expect (and according to the report), the problem is inadequate security controls, including a lack of continuous monitoring.

We harp on the continuous monitoring concept a lot at eIQ, particularly since it is a key function of situational awareness — the core of our SecureVue platform.  However, we harp on it for a reason: in a world of increasing risks, where malicious attackers have the advanced tools to seek out previously-unexploited attack vectors, continuous monitoring, correlation, and analysis of your security posture is the only way you’re going to discover and eliminate these potentially dangerous flaws.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: