The International Space Station has its own isolated network of computers that run everything from critical life support systems to scientific experiments. Just because its isolated from the veritable electronic ecosystem that is the terrestrial Internet, however, it doesn’t mean it’s safe from being attacked by malware or succumbing to a viral epidemic.
This was the ‘shocking’ revelation revealed by anti-virus guru Eugene Kaspersky at the Press Club in Canberra, Australia, earlier this month. During his presentation, the outspoken Russian businessman discussed the cyber threats to global security and economy.
The Kaspersky Lab founder discussed cyber crime, espionage and infrastructure attacks as the key elements of modern online security risks in descending frequency but ascending risk. He identified attacks on critical infrastructure as of most serious concern, despite there being only “2 or 3 a year.” He used the attack on the financial system in Seoul, South Korea, as one recent example, but other examples included attacks on Middle East oil companies and rumors of an attack on a Brazilian nuclear reactor.
Focusing on the Stuxnet virus — a malicious piece of code that was allegedly created by U.S. and Israeli programmers to attack Iranian nuclear reactors — Kaspersky outlined a few examples as to how the virus has spread beyond its intended target, inadvertently infecting an unnamed Russian nuclear reactor.
Stuxnet is designed to be spread indiscriminately via Microsoft Windows networks and can be manually uploaded to isolated critical systems by infected USB drives, for example. The worm then gets to work targeting specific Siemens industrial control systems that monitor industrial processes. By design, Stuxnet is focused on Iran’s suspected uranium enrichment infrastructure, but according to Kaspersky, Stuxnet has spread into the wilds of the Internet and started to attack nuclear reactor systems in other nations, including Russia.
However, he did not say that Stuxnet had infected the International Space Station, as some news outlets incorrectly assumed.
Using the International Space Station as an example of an isolated critical infrastructure, Kaspersky pointed out that despite being in space, it is still vulnerable to attack. In fact, on a number of occasions over the years the orbiting outpost’s computers have become infected by malware.
“Scientists, from time to time, are coming to space with USBs which are infected. I’m not kidding,” he said. “I was talking to Russian space guys and they said ‘yes, from time to time there are virus epidemics in the space station.’”
He added: “Unfortunately (critical infrastructure networks) are not safe by design.”
In 2008, the space station’s systems became infected by the harmless W32.Gammima.AG worm — a piece of software that gathers and transmits sensitive gaming data to an attacker. It’s thought the worm was carried into space via an infected flash drive.
Fortunately for astronauts and cosmonauts on the space station, in May this year, it was announced that computer systems would be migrated from the Windows XP operating system to a more secure GNU/Linux operating system, the latter of which is more resilient to accidental uploading of malicious software. This move alone would stamp out any worry of Stuxnet migrating into orbit and substantially reduce the risk of errant worms like W32.Gammima.AG setting up home.
While it’s highly debatable whether Stuxnet would have any undesirable effect on the space station (even if it did become infected, which it is not), Kaspersky has highlighted the need for keeping malicious software on the ground, while bulking up network security — a battle, it seems, we’re not winning.
Image: NASA astronaut Karen Nyberg works on computers at the space station’s robotics workstation. Fortunately, no Stuxnet virus is bundled in with the software. Credit: NASA