[HN Gopher] How the JPL works to secure its missions from advers...
___________________________________________________________________

How the JPL works to secure its missions from adversaries

Author : ajaviaad
Score  : 116 points
Date   : 2020-02-09 14:07 UTC (8 hours ago)

(HTM) web link (techcrunch.com)
(TXT) w3m dump (techcrunch.com)

| TimTheTinker wrote:
| Fascinating article! One of the most interesting details is that
| they create logical network graphs, then query them using Datalog
| to logically quantify threats to each subsystem given access to a
| particular area. The example given in the article is querying all
| possible attack paths to all systems from the cafeteria WiFi
| network.
|
| jvanderbot wrote:
| Awesome! I worked lately with Arun on a proposal to do some R&D
| on this topic. Great to see it getting some sunlight.
|
| But man, talking about "the JPL" reads awkwardly.
|
| apawloski wrote:
| Here is the NASA Inspector General's report on JPL cybersecurity
| practices from last year: https://oig.nasa.gov/docs/IG-19-022.pdf
|
| cat199 wrote:
| > Each mission at JPL is like its own semi-independent startup.
|
| We as people used to call these 'projects'.. I fail to see how a
| funded mission within a gov't organization which will never sell
| anything is anything at all like a small company bootstrapping a
| commercial product..
|
| supernova87a wrote:
| They lost me at "the" JPL.
|
| foobarbecue wrote:
| Nobody says "the JPL." It's just "JPL".
|
| ajaviaad wrote:
| Techcrunch says the JPL
|
| foobarbecue wrote:
| Haha, good point. I meant they did that in error.
|
| oso2k wrote:
| We "JPLers" call it "JPL" or "The Lab".
|
| saber6 wrote:
| As a network architect I'm kind of surprised they couldn't answer
| basic questions such as "can someone sitting in a general user
| access segment (eg Cafeteria) access critical resource X by
| default?"
|
| This is a fairly standard infosec method already in use for a
| long time (defense in depth, enclave-based security
| architectures, etc).
|
| Not knocking them - JPL are wonderful people. If I had to guess
| they did not have funding for this prior, got caught
| (embarrassed) and now are correctly allocating resources to deal
| with the issue. Good news!
|
| oso2k wrote:
| I last worked at JPL 10 years ago but all mission systems lived
| on many distinct networks of "dark cable and fiber". Physical
| access to mission networks was usually heavily guarded. It
| would take accessing several doors to just be in a room with a
| network drop or telco closet.
|
| Access in any of the cafeterias (there's more than 1) over WiFi
| is limited to common systems and the internet. There was no
| Cat5/6 in the cafeterias. There was also a further limited Guest
| WiFi network for media, guests and the like with bandwidth
| limited access to the internet only.
|
| joshspankit wrote:
| Asking those questions in "as-planned" scenarios is fairly
| easy, but I think we can all agree that even after a year or
| two of "tiny tweaks", reality can be different than what was
| implemented as planned.
|
| TimTheTinker wrote:
| My understanding is that this was more about potential attack
| chains than direct access paths.
|
| mturmon wrote:
| This is the kind of event (although technically unrelated to
| the OP) that caused resources to be allocated as you suggest:
| https://www.space.com/13423-hackers-government-satellites.ht...
|
| Some of the specific accomplishments in OP (network inventory,
| network topology) seem related to this intrusion:
| https://www.drizgroup.com/driz_group_blog/nasas-jet-propulsi...
|
| jvanderbot wrote:
| I think that was an ad hoc example to illustrate the tech, not
| an actual use. It actually makes no sense in context; I've
| worked from the cafeteria a lot, the coffee is endless and
| nobody knows where I am.
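
An added example, not part of any comment in this thread and not JPL's tooling: the cafeteria question discussed above, written as a Datalog-style reachability query and evaluated in Python, then compared against an intended deny list. The topology, every segment name and the deny list are constructed and hypothetical.

```python
from collections import deque

# Constructed topology; every segment name and edge is hypothetical.
EDGES = {
    ("cafeteria_wifi", "internet"),
    ("cafeteria_wifi", "common_services"),
    ("guest_wifi", "internet"),
    ("common_services", "eng_workstations"),
    ("eng_workstations", "jump_host"),  # a later "tiny tweak", not in the plan
    ("jump_host", "mission_ops"),
    ("mission_ops", "ground_station"),
}
# Intended policy ("ought"): source/target pairs that must stay unreachable.
DENY = {("cafeteria_wifi", "mission_ops"), ("cafeteria_wifi", "ground_station"),
        ("guest_wifi", "mission_ops")}

def reach(edges):
    """Fixpoint of: reach(X,Y) :- edge(X,Y).  reach(X,Z) :- reach(X,Y), edge(Y,Z)."""
    closure, delta = set(edges), set(edges)
    while delta:  # semi-naive: only join facts derived in the last round
        delta = {(x, z) for (x, y) in delta for (y2, z) in edges if y == y2} - closure
        closure |= delta
    return closure

def chain(edges, src, dst):
    """Shortest hop-by-hop chain from src to dst (BFS), or None."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            hops = []
            while node is not None:
                hops.append(node)
                node = prev[node]
            return hops[::-1]
        for a, b in sorted(edges):
            if a == node and b not in prev:
                prev[b] = node
                queue.append(b)
    return None

def violations(edges, deny):
    """Denied pairs that the graph as built still connects ("is" vs "ought")."""
    facts = reach(edges)
    return {pair: chain(edges, *pair) for pair in sorted(deny) if pair in facts}

if __name__ == "__main__":
    for (src, dst), hops in violations(EDGES, DENY).items():
        print(f"{src} reaches {dst}: {' -> '.join(hops)}")
```

Each reported chain names the hops to review; removing the single unplanned edge empties the report.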
|
| icegreentea2 wrote:
| I think the previous statement that each mission spins up its
| own infrastructure, and that their data model encompasses a
| significant mix of systems points to the question not being,
| "should someone sitting in a cafeteria access critical resource
| X by default", but rather, "is it actually true that someone
| sitting in a cafeteria cannot access resource X1 through XN by
| default".
|
| In other words, I think what they're trying to work from is
| that their existing systems don't present a unified or
| homogeneous set of interfaces or design or control. What
| they're trying to solve is how to fit a homogeneous interface
| onto their existing mess.
|
| lazulicurio wrote:
| > the question [isn't], "should someone sitting in a
| cafeteria access critical resource X by default", but rather,
| "is it actually true that someone sitting in a cafeteria
| cannot access resource X1 through XN by default"
|
| I think that this is probably the main purpose of the system.
| The is-ought problem can become very tricky to manage with a
| complex network, especially if the team is on the larger size
| or geographically distributed.
|
| closeparen wrote:
| I've never been in an environment that does security this way
| so I'm curious about it: if they have the proper credentials
| and permissions, why would it matter where they're sitting?
|
| When someone is granted access to a new resource, do you have
| to move them to a different network segment? What if there's
| not already a segment with the right combination of resources?
| Provision a new one on the fly? Or maybe grant more access than
| needed at the same time? We just have _nginx_ check if you have
| the required LDAP group for the URL before forwarding into
| production. Typically one group per tool.
|
| What about temporary access? There are tools at my workplace
| where manager approval gets you access for 24 hours.
| As I understand it, there's just a cron job purging people every
| so often at which point nginx will start bouncing you again. Can
| you do something similar with VLANs? Is that sane?
|
| xenihn wrote:
| My girlfriend's family has a bunch of software engineers who
| worked on various space programs as employees for the major
| defense contractors (Boeing, Lockheed Martin, Raytheon), and
| they had nothing but bad things to say about NASA software
| engineers, and working with NASA in general. Maybe things have
| changed in the past 16 years, though. Could also just be
| typical private vs. public rivalry.
|
| oso2k wrote:
| Professional rivalries. But IMO, NASA engineers are some of
| the best and many approach the "scary smart" or renaissance
| levels of breadth & depth of intelligence. Also, on the whole,
| at least at JPL, our engineers were some of the most ethical
| in terms of personal accountability and corporate
| accountability. Fewer ethics violations and higher accuracy
| in identifying and reporting ethics violations especially as
| compared to the rest of the industry.
|
| exdsq wrote:
| Is there a general sort of background for a JPL engineer?
| Do they tend to come in straight after university or do
| they join later in their careers? It must be fun to work on
| such critical systems with so little margin for error.
|
| oso2k wrote:
| Physics, Engineering, Math, Science, CS were obviously
| prized backgrounds. Over the last 10 years, I think JPL
| is diversifying but I couldn't be sure. When I joined as
| an intern in 2002 out of college, there was a huge push
| for youth. It used to be that more than 40% of The Lab
| had 20 years or more experience at The Lab. 33% were due
| to retire within 10 years. My first mentor there retired
| after 42 years with The Lab. It was an amazing place to
| learn and grow in my 20s. Awesome problems to work on and
| even more amazing people, humans, to work with.
|
| You can see what they're looking for here
| https://jpl.jobs/
|
| exdsq wrote:
| Interesting! It's up there with X as one of the top
| companies I'd love to work for but I'm a UK citizen which
| writes JPL off, unfortunately I can only admire it from
| the outside!
|
| mturmon wrote:
| NASA is a big place, so you can't make statements at that
| level of generality.
|
| Here's Arun Viswanathan's google scholar page:
| https://scholar.google.com/citations?user=jdotmygAAAAJ&hl=en
|
| toomuchtodo wrote:
| The trick is to not let a crisis go to waste, and use it to get
| the people and dollars you otherwise wouldn't have been able to
| justify.
|
| Stierlitz wrote:
| "a spike in CPU usage might indicate a compromised server being
| used for cryptocurrency mining."
|
| What's abnormal about that statement is that it is now considered
| normal.
|
| thrower123 wrote:
| A generation ago, it would probably have indicated that
| engineers were goofing off playing Doom...
|
| DailyHN wrote:
| The Space Force
|
| Stierlitz wrote:
| "there's a red-thingy moving toward the green-thingy .. I think
| we're the green-thingy."
|
| ycombonator wrote:
| All their stuff got exfiltrated to China long time ago. It's too
| late compadres.
___________________________________________________________________
(page generated 2020-02-09 23:00 UTC)