A curious PDF turned up in the feeds this morning which had me eyeing the calendar for our proximity to April 1st. America is Under Siege – Now is the Time for NASA to Unleash Gryphon-X [PDF] is a fascinating but quite rabid 12-page call for NASA HQ and policy-makers on Capitol Hill to rescue a putative project which would have the space agency construct a massive and unique cybersecurity settlement called Gryphon-X in the heart of Silicon Valley.
The release comes from the Institute for Critical Infrastructure Technology (ICIT), written by co-founder James Scott Sr and visiting scholar Drew Spaniel, interning from the Heinz College at Carnegie Mellon. It paints a grim future for America if federal funders and legislators don’t hurry up and green-light a massive NASA security project whose name currently has zero foot-print on any search engine.
‘The ideas that sparked the innovation that put men on the moon are now snuffed out by political agendas spewed forth by NASA HQ’s executive betters. The reality is, our Nation’s virtually unprotected critical infrastructure is getting annihilated by sophisticated and not so sophisticated actors who use technology and virtual anonymity to infiltrate, surveil, and exfiltrate the interworkings of our most critical systems. Sadly, the one agency with the innovative intellectual capital needed to render solutions sits on its hands as it turns down one cybersecurity initiative after another meant to inject bleeding edge layered defenses into our dilapidated critical infrastructure technologies.’
The document, which when printed out looks like detailed set-dressing from The Andromeda Strain (or practically any other Michael Crichton SF outing), intersperses a comprehensive outlining of all the cyberattacks which NASA has suffered in recent years with the necessity to back the Gryphon-X project, which, it claims, ‘has fell into [NASA] HQ’s bureaucratic black hole without so much as the approval to socialize the concept among federal stakeholders on the Hill’.
The paper pays particular attention to the recent story about hacking group AnonSec, which stole and republished 250gb of confidential NASA data and attempted to ditch a $222 million Global Hawk Drone into the Pacific ocean, painting a (admittedly not uncommon) picture of NASA as vulnerable to the most perfunctory interest from ‘script kiddies’. AnonSec spent months mapping NASA’s network after buying its way into the system in 2013, and the paper contends that ‘If NASA had a cybersecurity fusion center, such as the one included in Gryphon-X, the systems would have been patched against the exploit and the attackers would not have been able to move further into the network.’
But Gryphon-X, apparently under the auspices of the Ames Research Center (aka NASA Ames), is not just for improving NASA’s failed security, but is presented here as a kind of cybernetic International Rescue:
‘Russia may not be willing to attack America at the moment, but can the same be said for North Korea, ISIS, or numerous mentally ill individuals on our own soil? Gryphon-X contains the fusion center, virtualization environment, and cyber-physical capabilities needed to analyze, prepare, and prevent threats like these from harming the nation, its organizations, or its people.’
The PDF is vague on details as to what Gryphon-X actually is, apart from being a Bond/Crichton-style federal money vacuum with a security research centre and scholastic facilities attached, but paints a vivid picture of its superior ability to defend against the attackers who can currently ‘barter on dark web forums’ and easily purchase access to critical systems.
It is hard to back up the paper’s call to ‘unleash’ NASA’s secret cyber-killer, since I cannot currently find any reference on the internet either to ‘Gryphon X’ or ‘Gryphon-X’ (both forms are used by ICIT). The only obvious connection is that between the Ames Research Center and New York-based startup Gryphon Sensors, which specialises in UAV systems and has worked with NASA on drone traffic management research.