| Recurring |
one_organization |
(a) The article mentions a previous incident where hackers took advantage of the space station's security flaws. Last year, the Department of Justice charged a pair of Chinese nationals for hacking NASA and the US Navy's cloud services [86008]. This indicates that similar incidents have happened before within NASA.
(b) The article does not provide specific information about similar incidents happening at other organizations. Therefore, it is unknown if similar incidents have occurred at multiple organizations. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be attributed to the unauthorized Raspberry Pi computer that was attached to the JPL network. This device was not part of the authorized system design and introduced a security vulnerability that was exploited by the hacker, leading to the breach and data theft [86008].
(b) The software failure incident related to the operation phase is evident in the fact that the Raspberry Pi hack went undetected for 10 months. This indicates a failure in the operation and monitoring of the network security systems, allowing the intrusion to persist without being identified and mitigated in a timely manner [86008]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident involving the unauthorized Raspberry Pi computer that led to a cyberattack on NASA's Jet Propulsion Laboratory was a result of a device being attached to the JPL network without NASA's knowledge. This internal factor contributed to the breach and subsequent data theft [86008].
(b) outside_system: The software failure incident was also influenced by external factors, such as the actions of the hacker who targeted the unauthorized Raspberry Pi computer. The hacker's external actions from outside the system led to the breach and data theft within NASA's network [86008]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case was primarily due to non-human actions. The incident occurred because a hacker was able to gain access to NASA's "major mission systems" by targeting an unauthorized Raspberry Pi computer that was attached to the JPL network [86008]. The Raspberry Pi hack went undetected for 10 months, during which the perpetrator stole data from files related to restricted military and space technology [86008].
(b) Additionally, the incident also involved human actions as there were other devices attached to the network without NASA's knowledge, indicating potential lapses in monitoring and security protocols [86008]. The article mentions that last year, Chinese nationals were charged for hacking NASA and the US Navy's cloud services, indicating human involvement in the security breaches [86008]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident in the NASA hack was related to hardware. The incident occurred due to an unauthorized Raspberry Pi computer that was attached to the JPL network, which left NASA open to a cyberattack [86008].
(b) The software failure incident in the NASA hack was also related to software. The hacker was able to gain access to one of NASA's "major mission systems" by targeting the unauthorized Raspberry Pi computer, indicating a software vulnerability that allowed unauthorized access to critical systems [86008]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in this case was malicious. A hacker gained access to NASA's "major mission systems" by targeting an unauthorized Raspberry Pi computer attached to the JPL network. The hacker stole 500 MB of data, including information on the transfer of restricted military and space technology related to the Mars Curiosity Rover mission [86008]. Additionally, the incident involved a cyberattack aimed at harming the system and stealing intellectual property, indicating malicious intent. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident involving the Raspberry Pi hack at NASA's Jet Propulsion Laboratory was a result of poor decisions. An unauthorized Raspberry Pi computer was attached to the JPL network, which left NASA open to a cyberattack [86008].
- The audit report highlighted that other devices were also attached to the network without NASA's knowledge, indicating a lack of proper oversight and control over network devices [86008].
(b) The intent of the software failure incident related to accidental_decisions:
- The software failure incident was not primarily due to accidental decisions but rather poor decisions and lack of proper security measures [86008]. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident related to development incompetence is evident in the article as it mentions that an unauthorized Raspberry Pi computer was attached to the JPL network, which left NASA open to a cyberattack. This unauthorized device went undetected for 10 months, indicating a lack of proper monitoring and security measures by the organization [86008].
(b) The software failure incident related to accidental factors is also present in the article. The incident occurred due to the presence of unauthorized devices on the network, which were attached without NASA's knowledge. This accidental introduction of devices without proper authorization or oversight contributed to the security breach [86008]. |
| Duration |
temporary |
The software failure incident described in the article was temporary. The Raspberry Pi hack at NASA's Jet Propulsion Laboratory went undetected for 10 months before being discovered [86008]. This indicates that the failure was not permanent but rather temporary in nature, lasting for a specific period before being identified and addressed. |
| Behaviour |
crash, omission, value, other |
(a) crash: The software failure incident in the article can be categorized as a crash as the unauthorized Raspberry Pi computer attached to the JPL network led to a cyberattack, causing the system to lose its state and potentially not perform its intended functions [86008].
(b) omission: The incident can also be related to omission as the hacker was able to gain access to a major mission system by targeting the unauthorized Raspberry Pi computer, which omitted to perform its intended function of being a secure and authorized device on the network [86008].
(c) timing: The timing of the software failure incident can be considered in terms of the system performing its intended functions too late in detecting the hack. The Raspberry Pi hack went undetected for 10 months, indicating a delay in identifying the security breach [86008].
(d) value: The incident can be linked to a failure in terms of value as the system performed its intended functions incorrectly by allowing unauthorized access to sensitive data related to military and space technology, leading to the theft of 500 MB of data from 23 files [86008].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The incident primarily involved unauthorized access and data theft rather than erratic or inconsistent behavior of the system [86008].
(f) other: The behavior of the software failure incident can be described as a security breach leading to unauthorized access and data theft, which is not explicitly covered by the options provided. The incident involved a breach in the system's security protocols, allowing a hacker to gain access to sensitive information [86008]. |