Our Most Powerful Telescopes are Under Unknown Cyber Attack

By: Lauren Wurth | Last updated: Nov 03, 2023

Some recent cyber attacks have held users of the National Science Foundation (NSF) telescopes for ransom. The NSF is equipped with the most powerful earth-based telescope, which services astronomers from around the globe for coordinated research.

Unfortunately, the cyber attack has made it impossible for many of the researchers to gain remote access to the telescopes. This has affected ongoing research, since the schedule of astrological observations has been breached.

Differences Between Earth-based and Space Probe Telescope

At the first mention of a telescope, space probes like the Hubble Space and James Webb Telescope come to mind. Due to their launch publicity, these space probes tend to be more popular than their Earth-based counterpart.   


Source: Kevin Gill/Flickr

Earth-based telescopes are as complex as space probes, but they are basically giant mirrors and lenses strategically positioned for astronomical observations.


The Scope of the Disruption

The NSF telescopes are physically accessible for observations; however, not all researchers can afford the luxury of physically visiting Chile and Hawaii for their astronomical observations.


Source: Giant Magellan Telescope

Besides being situated in remote locations, it would definitely be counterproductive to pack astronomy researchers from around the globe in one geographical location. Therefore, many of these experts access the telescopes remotely.

The Cyber Threat in Perspective

While the NSF’s Earth-based telescopes are physically functional, the inability to access them remotely has handicapped a huge number of researchers. 


Source: Jaydeep_/Pixabay

Also, since astronomy usually involves timed observations, a lot of the research has suffered major setbacks over the course of the remote blackout. There are just a few workers physically present, and they can only do so much.

How the Cyber Attack was Detected

On August 1, 2023, it was observed that the Gemini North telescope of the NSF was experiencing a cyberattack. This telescope is located in Hilo, Hawaii, and the attack made it inaccessible to remote astronomy collaborators from around the world.


Source: TMT Observatory Corporation

The breach was discovered by the cybersecurity team at the NSF’s coordinating center, known as NOIRLab. The team is tasked with the responsibility of running the telescopes with minimal hitch. 

Salvaging a Dire Situation

NOIRLab’s cybersecurity team was forced to take the Gemini North telescope offline after discovering the attack. Afterward, the telescope could not be used for remote observations. 

Source: NOIRLab

Likewise, the Gemini South telescope, located in the Cerro Pachón mountains of Chile, was also shut down to avoid any physical damage to the expensive astronomy facilities.


Precautionary Disconnection of the Cerro Telescopes

After the security breach of NSF’s Hawaiian telescope was discovered, NOIRLab proceeded to disconnect the Chilean telescopes from its computer network. This precautionary step would prevent the vulnerability from spreading throughout the network.

Source: NASA

Besides two Mid-Scale Observatories (MBO) affected by the shutdown, some other eight affiliate telescopes in Chile were taken off the computer grid.


A Huge Setback for Researchers

The cyber attack has had a domino effect on the activities of the astronomical community. For example, the schedule of progression and completion of several astronomical studies have been affected.

Source: NCMNS

Astronomical research turns out to be strictly guided by time. Some observation windows are only available in 100-year cycles, depending on the Earth’s alignment with the heavenly body being studied.


Creating Anxiety in the Astronomical Community

Besides having to strictly keep up with observation windows, researchers – in particular, those with a tenured research timeline – are facing local challenges.

Source: NCMNS

For example, a postdoc researcher from Arizona State University had been using telescopes in the Gemini South setup to investigate exoplanets. Unfortunately, his work has been put on hold since the cyber attack, and no one knows when the facilities will be back online. 


Working Around the Bottleneck

In a bid to help remote researchers, NOIRLab staff is making an effort to make as many on-site observations as possible.  

Source: INAMORI Foundation

Of course, they can’t continue on-site observations for long. So, the NOIRLab cybersecurity team is working tirelessly to make sure the vulnerabilities are addressed. Also, some institutions are considering flying their graduate students to Chile to conduct the on-site observations themselves. 


Why Would Anyone Want to Attack a Research Observatory?

Pinpointing the rationale for the attack has troubled cybersecurity experts. The NSF telescopes are not being used for some spectacular or top-secret research, so it begs the question of why cyber attackers would make the facility a target. 

Source: South Carolina State Museum

A former head of the NSF Cybersecurity Center is of the opinion that the attackers may be unaware of the kind of facility being attacked.


Preventing Future Attacks

Cybersecurity experts have pointed out the necessity of high-end security architecture and software for facilities like the NSF telescopes. Sure, their research may not inherently be something to shroud in secrecy.

Source: Rawpixel

However, vulnerabilities like the recent one have to be checked by all available means. Also, beyond the deployed cybersecurity features, human users will have to check exposure to vulnerabilities on their own end.