Two of the world’s most advanced astronomy observatories, the Gemini North Telescope in Hawaii and the Gemini South Telescope in Chile, were forced to halt operations due to a cyberattack. The incident also brought down many smaller telescopes and caused delays.
The US center for ground-based optical-infrared astronomy, the National Optical-Infrared Astronomy Research Laboratory (NSF’s NOIRLab), detected a cyber incident on its computer systems on the morning of August 1st, 2023. It forced the suspension of astronomical observations.
The NOIRLab cyber security team and observing teams reacted quickly to prevent damage to the observatory.
“Out of an abundance of caution we have decided to isolate the Gemini Observatory computer systems by shutting them down. The Gemini website and proposal tools are currently offline,” the laboratory announced.
The Gemini North telescope was safely stowed in its zenith-pointing position, and the Gemini South telescope was in a planned shutdown for engineering work.
As a precaution, NOIRLab also disconnected the Mid-Scale Observatories (MSO) network on Cerro Tololo and at SOAR on August 9th, making remote observations at the Víctor M. Blanco 4-meter Telescope and SOAR Telescope unavailable.
“As a temporary workaround, observations are being carried out by on-site staff in service mode; affected observers will be contacted individually,” the lab informed at a time.
This issue has also affected tenant facilities on Cerro Tololo and Cerro Pachón, which operate remotely. The telescopes on Kitt Peak in Arizona were unaffected. NOIRLab managed to keep some telescopes online and collect data with in-person workarounds.
As of the 24th of August, the issue was not resolved.
“NOIRLab is continuing its efforts to diligently investigate and resolve the August 1st cybersecurity incident that occurred on its computer systems,” the lab wrote in its latest announcement.
Due to the incident, scientists and enthusiasts were unable to access many useful tools, such as the website Gemini.edu.
“Our staff are working with cybersecurity experts to get all the impacted telescopes and our website back online as soon as possible and are encouraged by the progress made thus far. Like the entire astronomy community, we are disappointed that some of our telescopes are not currently observing,” NOIRLab stated.
The Lab was forced to delay a Gemini Call for proposals for the Semester starting February 1st next year, as the nominal opening date was scheduled on August 31st.
“We believe that open access and information sharing are vital for healthy scientific collaboration, and we continue to make data accessible through our website. However, because our investigation into this incident is ongoing, we are limited in what we can share about our cybersecurity controls and investigatory findings,” the Lab writes.
NOIRLab plans to provide the community with more information when they are able to.
Both telescopes will be closed while the NOIRLab IT team conducts its investigation and develops a recovery plan in consultation with NSF’s cyber specialists. There’s currently no impact on other NOIRLab infrastructure.
After the cyberattack, the National Counterintelligence and Security Center warned about foreign intelligence entities’ efforts to target and exploit the US space industry, which can harm US commercial firms and broader US national and economic security in several ways.
“Foreign intelligence entities recognize the importance of the commercial space industry to the US economy and national security, including the growing dependence of critical infrastructure on space-based assets. They see US space-related innovation and assets as potential threats as well as valuable opportunities to acquire vital technologies and expertise,” the bulletin writes.
Those entities use cyberattacks, strategic investment (including joint ventures and acquisitions), the targeting of key supply chain nodes, and other techniques to gain access to the US space industry.