[HN Gopher] How the JPL works to secure its missions from advers...
       ___________________________________________________________________
        
       How the JPL works to secure its missions from adversaries
        
       Author : ajaviaad
       Score  : 116 points
       Date   : 2020-02-09 14:07 UTC (8 hours ago)
        
 (HTM) web link (techcrunch.com)
        
       | TimTheTinker wrote:
       | Fascinating article! One of the most interesting details is that
       | they create logical network graphs, then query them using Datalog
       | to logically quantify threats to each subsystem given access to a
       | particular area. The example given in the article is querying all
       | possible attack paths to all systems from the cafeteria WiFi
       | network.
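
Added example, not part of the thread or the linked article: a small Python sketch of the Datalog-style query TimTheTinker describes above (all attack paths from the cafeteria WiFi), run over a constructed topology. It goes slightly beyond the comment by also checking the derived reachability against an intended policy; every segment name, link and policy entry is hypothetical.

```python
# Constructed sample facts: link(src, dst) means "a host in src can open a
# connection to dst". All segment names are hypothetical.
LINKS = {
    ("cafeteria_wifi", "internet"),
    ("cafeteria_wifi", "common_services"),
    ("common_services", "eng_workstations"),
    ("eng_workstations", "jump_host"),
    ("jump_host", "mission_ops"),
    ("mission_ops", "ground_data"),
    ("guest_wifi", "internet"),
}
# Intended policy (constructed): pairs that must never be reachable.
FORBIDDEN = {("cafeteria_wifi", "mission_ops"), ("guest_wifi", "mission_ops")}


def reach(links):
    """Naive bottom-up evaluation of the Datalog program
         reach(X, Y) :- link(X, Y).
         reach(X, Z) :- reach(X, Y), link(Y, Z).
    The rules are re-applied until no new fact is derived (a fixpoint)."""
    facts = set(links)
    while True:
        derived = {(x, z) for (x, y) in facts for (y2, z) in links if y == y2}
        if derived <= facts:
            return facts
        facts |= derived


def attack_paths(links, src, dst, path=None):
    """Enumerate every loop-free path src -> dst, one hop per link fact."""
    path = (path or []) + [src]
    if src == dst:
        return [path]
    found = []
    for (a, b) in sorted(links):
        if a == src and b not in path:  # skip nodes already on this path
            found += attack_paths(links, b, dst, path)
    return found


def violations(links, forbidden):
    """Forbidden pairs that the observed topology nonetheless allows."""
    return sorted(forbidden & reach(links))


if __name__ == "__main__":
    for src, dst in violations(LINKS, FORBIDDEN):
        for p in attack_paths(LINKS, src, dst):
            print(" -> ".join(p))
```

The fixpoint answers "is it reachable at all", while the path enumeration shows which chain of intermediate segments makes it so, which is what a defender needs in order to decide which link to cut.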
        
       | jvanderbot wrote:
       | Awesome! I worked lately with Arun on a proposal to do some R&D
       | on this topic. Great to see it getting some sunlight.
       | 
       | But man, talking about "the JPL" reads awkwardly.
        
       | apawloski wrote:
       | Here is the NASA Inspector General's report on JPL cybersecurity
       | practices from last year: https://oig.nasa.gov/docs/IG-19-022.pdf
        
       | cat199 wrote:
       | > Each mission at JPL is like its own semi-independent startup.
       | 
       | We as people used to call these 'projects'.. I fail to see how a
       | funded mission within a gov't organization which will never sell
       | anything is anything at all like a small company bootstrapping a
       | commercial product..
        
       | supernova87a wrote:
       | They lost me at "the" JPL.
        
       | foobarbecue wrote:
       | Nobody says "the JPL." It's just "JPL".
        
         | ajaviaad wrote:
         | Techcrunch says the JPL
        
           | foobarbecue wrote:
           | Haha, good point. I meant they did that in error.
        
         | oso2k wrote:
         | We "JPLers" call it "JPL" or "The Lab".
        
       | saber6 wrote:
       | As a network architect I'm kind of surprised they couldn't answer
       | basic questions such as "can someone sitting in a general user
       | access segment (eg Cafeteria) access critical resource X by
       | default?"
       | 
       | This is a fairly standard infosec method already in use for a
       | long time (defense in depth, enclave-based security
       | architectures, etc).
       | 
       | Not knocking them - JPL are wonderful people. If I had to guess
       | they did not have funding for this prior, got caught
       | (embarrassed) and now are correctly allocating resources to deal
       | with the issue. Good news!
        
         | oso2k wrote:
         | I last worked at JPL 10 years ago but all mission systems lived
         | on many distinct networks of "dark cable and fiber". Physical
         | access to mission networks was usually heavily guarded. It
         | would take accessing several doors to just be in a room with a
         | network drop or telco closet.
         | 
         | Access in any of the cafeterias (there's more than 1) over WiFi is
         | limited to common systems and the internet. There was no Cat5/6
         | in the cafeterias. There was also a further limited Guest WiFi
         | network for media, guests and the like with bandwidth limited
         | access to the internet only.
        
         | joshspankit wrote:
         | Asking those questions in "as-planned" scenarios is fairly
         | easy, but I think we can all agree that even after a year or
         | two of "tiny tweaks", reality can be different than what was
         | implemented as planned.
        
         | TimTheTinker wrote:
         | My understanding is that this was more about potential attack
         | chains than direct access paths.
        
         | mturmon wrote:
         | This is the kind of event (although technically unrelated to
         | the OP) that caused resources to be allocated as you suggest:
         | https://www.space.com/13423-hackers-government-satellites.ht...
         | 
         | Some of the specific accomplishments in OP (network inventory,
         | network topology) seem related to this intrusion:
         | https://www.drizgroup.com/driz_group_blog/nasas-jet-propulsi...
        
         | jvanderbot wrote:
         | I think that was an ad hoc example to illustrate the tech, not
         | an actual use. It actually makes no sense in context; I've
         | worked from the cafeteria a lot, the coffee is endless and
         | nobody knows where I am.
        
         | icegreentea2 wrote:
         | I think the previous statement that each mission spins up its
         | own infrastructure, and that their data model encompasses a
         | significant mix of systems points to the question not being,
         | "should someone sitting in a cafeteria access critical resource
         | X by default", but rather, "is it actually true that someone
         | sitting in a cafeteria cannot access resource X1 through XN by
         | default".
         | 
         | In other words, I think what they're trying to work from is
         | that their existing systems don't present a unified or
         | homogeneous set of interfaces or design or control. What
         | they're trying to solve is how to fit a homogeneous interface
         | onto their existing mess.
        
           | lazulicurio wrote:
           | > the question [isn't], "should someone sitting in a
           | cafeteria access critical resource X by default", but rather,
           | "is it actually true that someone sitting in a cafeteria
           | cannot access resource X1 through XN by default"
           | 
           | I think that this is probably the main purpose of the system.
           | The is-ought problem can become very tricky to manage with a
           | complex network, especially if the team is on the larger side
           | or geographically distributed.
        
         | closeparen wrote:
         | I've never been in an environment that does security this way
         | so I'm curious about it: if they have the proper credentials
         | and permissions, why would it matter where they're sitting?
         | 
         | When someone is granted access to a new resource, do you have
         | to move them to a different network segment? What if there's
         | not already a segment with the right combination of resources?
         | Provision a new one on the fly? Or maybe grant more access than
         | needed at the same time? We just have _nginx_ check if you have
         | the required LDAP group for the URL before forwarding into
         | production. Typically one group per tool.
         | 
         | What about temporary access? There are tools at my workplace
         | where manager approval gets you access for 24 hours. As I
         | understand it, there's just a cron job purging people every so
         | often at which point nginx will start bouncing you again. Can
         | you do something similar with VLANs? Is that sane?
        
         | xenihn wrote:
         | My girlfriend's family has a bunch of software engineers who
         | worked on various space programs as employees for the major
         | defense contractors (Boeing, Lockheed Martin, Raytheon), and
         | they had nothing but bad things to say about NASA software
         | engineers, and working with NASA in general. Maybe things have
         | changed in the past 16 years, though. Could also just be
         | typical private vs. public rivalry.
        
           | oso2k wrote:
           | Professional rivalries. But IMO, NASA engineers are some of
           | the best and many approach the "scary smart" or renaissance
           | levels of breadth & depth of intelligence. Also, on the whole,
           | at least at JPL, our engineers were some of the most ethical
           | in terms of personal accountability and corporate
           | accountability. Fewer ethics violations and higher accuracy
           | in identifying and reporting ethics violations especially as
           | compared to the rest of the industry.
        
             | exdsq wrote:
             | Is there a general sort of background for a JPL engineer?
             | Do they tend to come in straight after university or do
             | they join later in their careers? It must be fun to work on
             | such critical systems with so little margin for error.
        
               | oso2k wrote:
               | Physics, Engineering, Math, Science, CS were obviously
               | prized backgrounds. Over the last 10 years, I think JPL
               | is diversifying but I couldn't be sure. When I joined as
               | an intern in 2002 out of college, there was a huge push
               | for youth. It used to be that more than 40% of The Lab
               | had 20 years or more experience at The Lab. 33% were due
               | to retire within 10 years. My first mentor there retired
               | after 42 years with The Lab. It was an amazing place to
               | learn and grow in my 20s. Awesome problems to work on and
               | even more amazing people, humans, to work with.
               | 
               | You can see what they're looking for here
               | https://jpl.jobs/
        
               | exdsq wrote:
               | Interesting! It's up there with X as one of the top
               | companies I'd love to work for but I'm a UK citizen which
               | writes JPL off, unfortunately I can only admire it from
               | the outside!
        
           | mturmon wrote:
           | NASA is a big place, so you can't make statements at that
           | level of generality.
           | 
           | Here's Arun Viswanathan's google scholar page:
           | https://scholar.google.com/citations?user=jdotmygAAAAJ&hl=en
        
         | toomuchtodo wrote:
         | The trick is to not let a crisis go to waste, and use it to get
         | the people and dollars you otherwise wouldn't have been able to
         | justify.
        
       | Stierlitz wrote:
       | "a spike in CPU usage might indicate a compromised server being
       | used for cryptocurrency mining."
       | 
       | What's abnormal about that statement is that it is now considered
       | normal.
        
         | thrower123 wrote:
         | A generation ago, it would probably have indicated that
         | engineers were goofing off playing Doom...
        
       | DailyHN wrote:
       | The Space Force
        
         | Stierlitz wrote:
         | "there's a red-thingy moving toward the green-thingy .. I think
         | we're the green-thingy."
        
       | ycombonator wrote:
       | All their stuff got exfiltrated to China a long time ago. It's too
       | late compadres.
        
       ___________________________________________________________________
       (page generated 2020-02-09 23:00 UTC)