Is the Data Breach by Orbital ATK of SSL Data on a NASA Server Corporate Espionage?

SSL Dragonfly. Credit: SSL.

On December 6, 2016 Space Systems Loral (SSL), a subsidiary of MacDonald Dettwiler and Associates Ltd. (MDA), was notified by NASA’s Marshall Space Flight Center that there had been a data breach of their proprietary data on a NASA server. Orbital ATK was responsible. SSL is now suing them, and publicly, it looks bad for Orbital ATK.

We’re Family

Orbital, ATK, SSL and MDA have been in each other’s spheres for decades.

Orbital acquired MDA in 1995. Then it divested itself of MDA in 2001.

Then in 2008, ATK tried to acquire MDA. The Canadian government interceded, and used a new law that allowed them to reject the deal, even though MDA shareholders had approved the deal.

In 2012 MDA acquired SSL.

In 2014 Orbital and ATK merged to form Orbital ATK.

All four separate companies, now two companies, are family, almost.

But this is 2017, and the commercial space market is very, very competitive and opening a new market, in this case, satellite servicing, even more so.

NASA: It’s Orbital ATK 

As NASA continued to investigate the data breach, it learned that Orbital ATK was responsible. NASA informed SSL of their initial findings in communication dated December 9 and 14.

Some of the details NASA provided are part of the SSL complaint filed with the U.S. District Court for the Eastern District of Virginia.

According to the court filing, NASA informed SSL that as many as six Orbital ATK employees had viewed “at least four files containing SSL proprietary data,” that “were opened and/or viewed as part of the data breach.”

NASA informed SSL that Orbital ATK was conducting its own internal investigation.

Orbital ATK’s Internal Investigation

A company spokesperson informed SpaceQ that they had investigated the “incident in coordination with NASA” and that “Orbital ATK is committed to and adheres to industry and government best practices in governance and ethics.”

They also said that the they had “terminated the employee for violating our Code of Ethics and Business Conduct,” and had quarantined the data and “remediated the issue to our customer’s (NASA) satisfaction”.

“As a result we believe that SSL’s complaints against us are without merit and we intend to defend against them vigorously.”

SSL though, begs to differ.

SSL Goes to Court

By December 19 SSL had contacted Orbital with a list of questions it wanted answered. They were;

  • The number of Orbital ATK employees involved in the breach or breaches.
  • The roles and responsibilities of the Orbital ATK employees involved in the breach or breaches.
  • How and why the Orbital ATK employees accessed SSL’s highly sensitive files.
  • What the Orbital ATK employees did with the SSL information they accessed.
  • How, why, and to whom SSL’s confidential and proprietary information was disseminated.
  • Whether Orbital ATK and/or its employees were still in possession of SSL’s information.
  • How and when Orbital ATK first became aware of the data breach.

On December 31 Orbital ATK responded to SSL with a letter, which according to the court filing, acknowledged that an employee had accessed SSL proprietary data.

Most of SSL’s questions to Orbital ATK were left unanswered according to the court filing.

At this point SSL felt it had no choice to but to sue Orbital ATK.

Specifically the court filing states; “Devoid of any other resource to protect itself and without sufficient details to assess the extent of the damage caused by Orbital ATK’s unauthorized access of the NASA NX server, SSL respectfully seeks the court’s intervention to protect its confidential, proprietary, and sensitive information and to redress the damage caused by Orbital ATK’s unauthorized access of NASA’s NX server.”

The Files

The court filing outlines what four files the Orbital ATK employee had access to. All of the information relates to SSL’s Dragonfly program for on-orbit robotic satellite assembly.

In particular two of the documents contained sensitive non-public information on the Dragonfly project between NASA and SSL. These documents included technical approach, specific technical details, resource requirements, organizational structure, timelines and more.

The third document included the project overview and implementation plan. The fourth document included a “revised Technical, Management and Cost Proposal” for the project.

According to SSL, it is the fourth document that “is a treasure trove of information for SSL’s competitors as it provides the architecture for the Dragonfly program, including SSL-developed technology and future technology in the highly competitive field of robotic satellite assembly, repair, and servicing.”

Is it Corporate Espionage?

There’s a legal line that shouldn’t be crossed when trying to get a competitive advantage over a competitor.

When a company crosses that line and breaks the law, it is considered corporate espionage. Did Orbital ATK cross that line in this case? That will be for the court to decide.

By their own admission, Orbital ATK said that one employee broke their “Code of Ethics and Business Conduct.” It was an ethical breach, at the very least, that should not have happened.

At stake is hundreds, if not billions, of future revenue in what many hope will be a new market for on-orbit satellite assembly and servicing.

For Orbital ATK, that one employee has opened them up to, at a minimum, a potentially costly lawsuit.

About Marc Boucher

Boucher is an entrepreneur, writer, editor & publisher. He is the founder of SpaceQ Media Inc. and CEO and co-founder of SpaceRef Interactive LLC. Boucher has 20+ years working in various roles in the space industry and a total of 30 years as a technology entrepreneur including creating Maple Square, Canada's first internet directory and search engine.

One comment

  1. OATK really stepped into it this time, didn’t they? As a minimum, they deserve the same exclusion from future civil space that their family member/adversary Loral suffered for over a decade.

Leave a Reply