| Recurring |
one_organization |
(a) The software failure incident having happened again at one_organization:
The NASA software failure incident involving hackers gaining access to sensitive information and compromising systems has happened again within the same organization. The article mentions that NASA had experienced security breaches in the past, with hackers stealing employee credentials and gaining access to mission-critical projects in 13 major network breaches. This indicates a recurring issue with cybersecurity within NASA [10757].
(b) The software failure incident having happened again at multiple_organization:
The article does not provide information about the same software failure incident happening at other organizations or with their products and services. |
| Phase (Design/Operation) |
design |
(a) The software failure incident related to the design phase is evident in the NASA breach incident reported in Article 10757. The hackers gained access to NASA's Jet Propulsion Laboratory network by exploiting vulnerabilities in the system design, allowing them to modify, copy, or delete sensitive files, create new user accounts, and upload hacking tools. This breach highlighted security weaknesses in the system development and maintenance processes, as the intruders were able to compromise the accounts of privileged users and access most of JPL's networks [10757].
(b) The software failure incident related to the operation phase is seen in the case of the U.S. Air Force canceling the plan to outfit personnel with iPad tablet computers. The cancellation was not due to concerns about the software itself but rather a decision that the procurement process should not have been reserved for small businesses. This operational failure indicates a misstep in the procurement and operational procedures of the Air Force, leading to the reversal of the iPad purchase plan [10757]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident reported in the articles is primarily within_system. The failure was due to hackers gaining access to NASA's systems by stealing employee credentials and exploiting vulnerabilities within NASA's network security [10757]. The hackers were able to compromise sensitive files, create new user accounts, upload hacking tools, and modify system logs to conceal their actions. Additionally, the incident involved lapses in computer security practices within NASA, such as the slow implementation of encryption on laptop computers, leading to the exposure of critical information [10757].
(b) The software failure incident also involved some outside_system factors. For example, the article mentions concerns about supply chain security related to the procurement of iPad tablets for the U.S. Air Force. While the cancellation of the iPad order was not directly due to concerns about the GoodReader software written by a Russian developer, it reflects the broader challenge of ensuring the security of hardware and software components sourced from overseas, including potential tampering by other nations [10757]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- Hackers gained access to NASA's Jet Propulsion Laboratory network through an Internet Protocol address in China, allowing them to modify, copy, or delete sensitive files, create new user accounts, upload hacking tools, and compromise other NASA systems [10757].
- Unencrypted notebook computers containing sensitive data, including codes for controlling the International Space Station, were lost or stolen, indicating a failure to encrypt or scramble data on laptops to protect information [10757].
(b) The software failure incident occurring due to human actions:
- Intruders stole credentials for accessing NASA systems from more than 150 employees, indicating a failure in maintaining secure access credentials [10757].
- The U.S. Air Force canceled a plan to outfit personnel with iPad tablets due to a decision that the procurement should not have been reserved for small businesses, leading to the reversal of the order [10757]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware:
- The incident involving NASA's Jet Propulsion Laboratory being hacked by intruders through an Internet Protocol address in China resulted in the compromise of sensitive files, creation of new user accounts, and uploading of hacking tools to steal user credentials [10757].
- Unencrypted notebook computers containing sensitive data, including codes for controlling the International Space Station, were lost or stolen, highlighting a hardware-related security issue [10757].
(b) The software failure incident related to software:
- The hackers who breached NASA's systems were able to modify system logs to conceal their actions, indicating a software-related vulnerability in the system [10757].
- The U.S. Air Force's cancellation of the plan to outfit personnel with iPad tablets was not due to concerns about the GoodReader software but rather a decision related to procurement processes, suggesting a software-related aspect in the procurement decision [10757]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in the articles is malicious in nature. It involved hackers stealing employee credentials and gaining access to mission-critical projects at NASA through network breaches. The hackers were able to compromise sensitive files, create new user accounts, upload hacking tools, steal user credentials, and modify system logs to conceal their actions. The breach was significant and compromised U.S. national security [10757].
Additionally, the incident involved intruders stealing credentials for accessing NASA systems from more than 150 employees, indicating a deliberate attempt to gain unauthorized access to sensitive information [10757]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident involving NASA being hacked by intruders was partly due to poor decisions related to IT security practices. NASA was criticized for moving too slowly to encrypt or scramble data on its laptop computers, leading to sensitive information being at risk when unencrypted notebooks were lost or stolen [10757].
- Additionally, the incident highlighted poor decisions in terms of computer security lapses at NASA, with thousands of lapses identified by the Inspector General's Office in 2010 and 2011 [10757].
(b) The intent of the software failure incident related to accidental_decisions:
- The incident involving the U.S. Air Force scrapping a plan to outfit personnel with iPads was not due to concerns about the software itself, such as GoodReader, but rather an accidental decision related to the procurement process. The cancellation of the order was a result of a decision that the procurement should not have been reserved for small businesses, indicating an unintended decision in the procurement process [10757]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident occurring due to development incompetence:
- The NASA software breach incident involved hackers gaining access to mission-critical projects through network breaches, compromising U.S. national security [10757].
- NASA Inspector General Paul Martin testified that hackers compromised the accounts of the most privileged JPL users, giving them access to most of JPL's networks, indicating a lack of proper security measures and controls [10757].
(b) The software failure incident occurring accidentally:
- The U.S. Air Force scrapped a plan to outfit personnel with second-generation iPad tablet computers due to a procurement error, not because of concerns about the GoodReader software [10757].
- The cancellation of the iPad order was due to a decision that the procurement should not have been reserved for small businesses, indicating an accidental oversight in the procurement process [10757]. |
| Duration |
unknown |
The articles do not provide information about the duration of the software failure incident related to the NASA hacking incident or the Air Force's cancellation of the iPad purchase. Therefore, it is 'unknown' whether the software failure incident was permanent or temporary. |
| Behaviour |
value, other |
(a) crash: The software failure incident reported in the articles does not specifically mention a crash where the system loses state and does not perform any of its intended functions [10757].
(b) omission: The incident does not describe a failure due to the system omitting to perform its intended functions at an instance(s) [10757].
(c) timing: The articles do not indicate a failure due to the system performing its intended functions correctly, but too late or too early [10757].
(d) value: The incident does mention a failure due to the system performing its intended functions incorrectly. Specifically, hackers gained full system access, allowing them to modify, copy, or delete sensitive files, create new user accounts, and compromise other NASA systems [10757].
(e) byzantine: The incident does not describe a failure due to the system behaving erroneously with inconsistent responses and interactions [10757].
(f) other: The behavior of the software failure incident reported in the articles can be categorized as a security breach caused by hackers gaining unauthorized access to NASA's systems, compromising sensitive data, and potentially endangering national security [10757]. |