Cyber Incident Victim: NASA Jet Propulsion Laboratory
Date: Apr 2018
Location: United States of America
Summary
A cybersecurity breach at NASA's Jet Propulsion Laboratory began with a Raspberry Pi that had been connected to its network without authorization, enabling attackers to exfiltrate 500 megabytes of data from a major mission system and infiltrate deeper into the network. The compromise extended to critical infrastructure including the Deep Space Network, prompting security teams for sensitive programs like the Orion spacecraft and International Space Station to disconnect from the broader agency network. Investigators identified systemic weaknesses including inadequate network segmentation, insufficient monitoring of connected devices, and security tickets left unresolved for extended periods, alongside incident response practices misaligned with NASA standards.
Description
In April 2018, attackers exploited a Raspberry Pi that had been connected to NASA's Jet Propulsion Laboratory (JPL) network without authorization. They used the device to gain initial access to JPL systems and subsequently exfiltrated approximately 500 megabytes of data from one of the laboratory's major mission systems. The compromised Raspberry Pi also served as an entry point for deeper network penetration, enabling access to additional critical infrastructure including NASA's Deep Space Network, the global array of antennas supporting interplanetary spacecraft missions. The breach prompted security teams responsible for highly sensitive programs, including the Orion Multi-Purpose Crew Vehicle project and International Space Station operations, to voluntarily disconnect their systems from JPL's network as a precautionary containment measure, out of concern that attackers could move laterally through interconnected systems.

NASA's Office of Inspector General (OIG) conducted a post-incident investigation that revealed systemic cybersecurity deficiencies at JPL. Investigators identified inadequate network segmentation that failed to properly isolate critical systems from general network traffic, along with insufficient monitoring capabilities that limited visibility into connected devices. The audit also found unresolved security vulnerability tickets in JPL's tracking system, with some remaining unaddressed for periods exceeding 180 days. Additionally, JPL's incident management protocols were found to deviate from NASA's established cybersecurity guidelines. In response to these findings, the OIG issued multiple corrective recommendations, which NASA management accepted except for one proposal to implement formalized threat-hunting procedures. NASA committed to verifying implementation of the accepted recommendations before formally closing the investigation. The data breach and subsequent security review exposed significant vulnerabilities in JPL's cyber defenses despite its advanced technological capabilities in space exploration systems.
