20.08.2023
As astronomers lose valuable windows for observations, cybersecurity experts wonder why hackers would target such facilities
Operations at the Gemini North telescope, located on Mauna Kea in Hawaii, were shut down after a “cyber incident” was reported on 1 August.INTERNATIONAL GEMINI OBSERVATORY/NOIRLAB/NSF/AURA/T. SLOVINSKÝ/WIKIMEDIA COMMONS
A mysterious “cyber incident” at a National Science Foundation (NSF) center coordinating international astronomy efforts has knocked out of commission major telescopes in Hawaii and Chile since the beginning of August. Officials have halted all operations at 10 telescopes, and at a few others only in-person observations can be conducted.
With no clear resolution to the shutdown in sight, research teams are uniting to figure out alternatives as critical observation windows spin out of reach. Given remote control of many telescopes is no longer available, some groups may rush graduate students to Chile to relieve exhausted on-site staff who have spent the past 2 weeks directly operating instruments there.
“We’re all in this together,” says Gautham Narayan, an astronomer at the University of Illinois Urbana-Champaign whose team is trying to save its chance to observe new supernovas using one of the affected Chilean telescopes. The astronomy community has a “grim determination to press on, despite the trying circumstances,” he adds.
NOIRLab, the NSF-run coordinating center for ground-based astronomy, first announced the detection of an apparent cyberattack on its Gemini North telescope in Hilo, Hawaii, in a 1 August press release. Whatever happened may have placed the instrument in physical jeopardy. “Quick reactions by the NOIRLab cyber security team and observing teams prevented damage to the observatory,” the center’s release said.
In response to the incident, NOIRLab powered down all operations at the International Gemini Observatory, which runs the Hilo telescope and its twin, Gemini South, on Cerro Pachón mountain in Chile. (The latter was already offline for a planned outage.) Together, the two 8.1-meter telescopes have revealed vast swaths of celestial wonders—from the birth of supernovae to the closest known black hole to Earth.
Normally, NOIRLab’s computer systems let astronomers remotely operate a variety of other optical ground-based telescopes. But on 9 August the center announced it had also disconnected its computer network from the Mid-Scale Observatories (MSO) network on Cerro Tololo and Cerro Pachon in Chile. This action additionally made remote observations impossible at the Víctor M. Blanco 4-meter and SOAR telescopes. NOIRLab has stopped observations at eight other affiliated telescopes in Chile as well.
NOIRLab has provided few further details about the matter, even to employees. The center declined to answer Science’s query on whether the incident was a ransomware attack, in which hackers demand money for the return of information or control of a facility. A NOIRLab spokesperson tells Science that the center’s information technology staff is “working around the clock to get the telescopes back into the sky.”
Narayan praises NOIRLab’s “exemplary” response, and he and other astronomers express sympathy for the center. “I assume the challenges they’re facing are bigger than me not getting observations,” says Luis Welbanks, an astronomy postdoc at Arizona State University. But the longer the shutdowns last, the more anxious astronomers are getting. Multiple international projects, as well as doctoral theses and papers under development, depend on data from the telescopes.
Ground-based astronomical research often depends on observations precisely timed for when extraterrestrial objects align with the field of view for specific telescopes. Astronomers try to plan for various delays—anything from bad weather to a power outage or a cracked mirror can bump a project down a queue—but hackers have not typically figured into their calculations. “We’re lucky enough to make it through a regular night,” Welbanks says. “But now we have to consider the cybersecurity implications.”
Welbanks relies on high-resolution images from Gemini South to study the atmospheres of exoplanets; the shutdown has already caused him to miss three of his seven observation windows this year. Many colleagues, he says, are managing similar losses. Welbanks emphasizes the wider astronomy community may be “doomed” if the telescopes don’t resume operations: A unique spectrograph, capable of characterizing the atmospheres of far-away planets, is currently mounted on Gemini South, but scheduled to move to a smaller northern telescope in May 2024. If Gemini South doesn’t start up soon and the device transfer happens as planned, astronomers will—for the foreseeable future—lose their chance at valuable spectral data from the southern half of the sky.
For early-career researchers like Welbanks, a yearlong delay could be particularly harmful. “When people are like, ‘Oh, where’s the data?’ Then I’ll have to say, ‘Well, I don’t have any data because a hacker somewhere took down the computer,’” he says with a rueful laugh. “I don’t know if any hiring committee will be sympathetic to that.”
With limited options, NOIRLab staff are going “well above and beyond the call of duty” to keep projects going, Narayan says. As a temporary workaround to the lack of remote observing, some on-site staff at the Blanco and SOAR telescopes have stepped up to help researchers implement their observations at available telescopes. But NOIRLab has noted in an internal email that this model is not sustainable—hence the discussions about dispatching graduate students to Chile so in-person observations can continue.
Cybersecurity experts are perplexed as to why Gemini North was the target. “Quite possibly, the attacker doesn’t even know they are attacking an observatory,” says Von Welch, retired lead of the NSF Cybersecurity Center of Excellence.
He and others say the episode is another wake-up call for the astronomy community. In November 2022, the Atacama Large Millimeter Array radio telescope in Chile also went dark for nearly2 months as its staff scrambled to respond to a cyberattack. However, Welch also acknowledges the unique security challenges faced by international research institutions such as NOIRLab. Unlike independent private companies or banks, for example, who can easily isolate their systems, the very nature of astronomical research is open access and collaborative. “A best practice would be to firewall everything off,” Welch says. “But it’s like, well, no, you just broke all the scientific workflows.”
Despite lack of clarity over how the Gemini North and NOIRLabs systems were compromised, astronomers say they are motivated by this latest attack to improve cybersecurity practices at their facilities. Narayan says the whole astronomical community needs to rethink how it manages its identity and access software—and understand how damaging something as simple as a lost password can be.
“It doesn’t help if you build the strongest, most impenetrable fortress in the world, if you forget to lock even a single door or window,” says Patrick Lin, who leads an NSF-funded space cybersecurity grant at California Polytechnic State University. “The weakest link is often with us, the humans.”
Quelle: AAAS