A significant cyber assault has resulted in the disruption of remote connections to renowned space telescopes under the administration of the National Science Foundation (NSF) across the globe, as reported by Science magazine. Over the span of two weeks, ten telescopes have suffered from the attack, with on-site personnel managing to maintain partial functionality, albeit with decreased efficiency. This series of shutdowns is triggering disorder within the realm of astronomy, leading to the forfeiture of numerous critical opportunities for celestial observations. Despite the frustration experienced by researchers reliant on these telescopes, experts remain perplexed regarding the motives behind targeting these instruments.
According to an update provided in a press release by NOIRLab (the coordinating center for ground-based astronomy under the NSF), “NOIRLab is persistently working to investigate and address the cybersecurity incident that occurred within its computer systems on 1st August. This incident prompted the temporary cessation of operations at both the Gemini North and South telescopes, as well as some smaller telescopes situated on Cerro Tololo in Chile.”
NOIRLab further specified, “The telescopes located on Kitt Peak in Arizona have remained unaffected. Additionally, the website Gemini.edu is presently offline. Our personnel are collaborating with cybersecurity experts to promptly reinstate the functionality of all impacted telescopes and our website. We are encouraged by the progress achieved thus far.”
Disarray Caused by Cyberattack
Ongoing shutdowns have compelled research groups to join forces in identifying alternatives as vital observation windows slip out of reach. Given the unavailability of remote control for several telescopes, certain teams might need to deploy graduate students to various locations in Chile to provide relief to on-site staff, who have been tirelessly operating instruments directly over the past fortnight, as described by Science magazine.
Gautham Narayan, an astronomer from the University of Illinois Urbana-Champaign, conveyed, “We are united in this predicament.” Narayan’s team is racing to salvage their prospects of observing new supernovas with one of the affected Chilean telescopes. He added, “[The astronomy community is displaying] a resolute determination to persevere despite these trying circumstances.”
The Cyberattack’s Genesis
On August 1, 2023, NOIRLab disclosed that a cyberattack had targeted its Gemini North telescope in Hilo, Hawaii. In response, NOIRLab suspended operations at the International Gemini Observatory, housing the Hilo telescope as well as its twin, Gemini South, positioned on Cerro Pachón mountain in Chile. Fortunately, the latter was already offline for a scheduled maintenance period.
NOIRLab also severed the connection between its computer network and the Mid-Scale Observatories (MSO) network located on Cerro Tololo and Cerro Pachón in Chile. This move rendered remote observations unfeasible for several telescopes, including the Víctor M. Blanco 4-meter and SOAR telescopes. Consequently, NOIRLab halted observations at eight additional affiliated telescopes in Chile.
Elusive Motivation
NOIRLab has abstained from divulging further details about the incident, even to its employees. Cybersecurity specialists are puzzled by the assailant’s rationale for targeting Gemini North. Von Welch, former head of the NSF Cybersecurity Center of Excellence, speculates that the attacker might not even realize that their target is an observatory.
Astronomers are now driven to heighten cybersecurity protocols to safeguard their facilities, despite the lack of insight into how the systems of Gemini North and NOIRLab were breached. Gautham Narayan recommended that the entire astronomical community reevaluate its management of identity and access software and recognize the potential harm that a seemingly simple oversight like a lost password can incur.
Patrick Lin, leader of an NSF-backed space cybersecurity initiative at California Polytechnic State University, emphasized, “Even constructing the sturdiest, most impregnable fortress becomes ineffective if even a single door or window is left unlocked.” He further noted, “The weakest link often resides within us, the humans.”
