Cybersecurity incident at NSF’s NOIRLab

Astronomical observations at the International Gemini Observatory suspended

6 September 2023

Update as of 29 September 2023

Gemini North and Gemini South telescopes are now back on sky and are currently collecting science data. Restoration of remote access for external astronomers is ongoing, and we anticipate that it will be restored over the coming weeks. This concludes the updates of this incident.

Update as of 5 September 2023

The recovery process of the affected facilities and telescopes is ongoing. As part of that process, we have now brought the Gemini.edu website back online. We have also posted updates about the NOIRLab and Gemini Calls for Proposals on the NOIRLab Science Site and Gemini.edu.

Update as of 24 August 2023

NOIRLab is continuing its efforts to diligently investigate and resolve the 1 August cybersecurity incident that occurred in its computer systems. This incident resulted in the temporary shutdown of Gemini North and South telescopes and some of the smaller telescopes on Cerro Tololo in Chile. The telescopes on Kitt Peak in Arizona are unaffected. The website Gemini.edu is also currently offline. Our staff are working with cybersecurity experts to get all the impacted telescopes and our website back online as soon as possible and are encouraged by the progress made thus far.

Like the entire astronomy community, we are disappointed that some of our telescopes are not currently observing. Fortunately, we have been able to keep some telescopes online and collect data with in-person workarounds. We are grateful for the support of the astronomy community during this difficult time and we thank everyone for their patience as our teams continue to work towards restoring normal operations. We are continuing to take steps to support the operations of those facilities that are online, while progressing the recovery effort for the facilities that are offline.

Our progress to date has been the result of an outstanding effort by our IT team and by the staff providing support for telescope operations.

We believe that open access and information sharing are vital for healthy scientific collaboration, and we continue to make data accessible through our website. However, because our investigation into this incident is ongoing, we are limited in what we can share about our cybersecurity controls and investigatory findings. We plan to provide the community with more information when we are able to, in alignment with our commitment to transparency as well as our dedication to the security of our infrastructure.

We are working on getting the Gemini Call for Proposals launched (for the Semester starting 1 February 2024), and will decide in the next few days whether this will be delayed by up to a week past the nominal opening date of 31 August.

Update as of 9 August 2023

As a precaution we have also disconnected the Mid-Scale Observatories (MSO) network on Cerro Tololo and at SOAR. This means that remote observations at the Víctor M. Blanco 4-meter Telescope and SOAR Telescope are unavailable. As a temporary workaround, observations are being carried out by on-site staff in service mode; affected observers will be contacted individually.

This issue has also affected those tenant facilities on Cerro Tololo and Cerro Pachón who operate remotely. MSO staff on site helped to put these facilities into a safe state following the disconnection.

Update as of 1 August 2023

On the morning of 1 August 2023 NSF’s NOIRLab detected a cyber incident in its computer systems, forcing the suspension of astronomical observations at Gemini North in Hawai‘i. Quick reactions by the NOIRLab cyber security team and observing teams prevented damage to the observatory. 

Out of an abundance of caution we have decided to isolate the Gemini Observatory computer systems by shutting them down. The Gemini website and proposal tools are currently offline but the NOIRLab website remains online. The Gemini North telescope was safely stowed in its zenith-pointing position, and the Gemini South telescope was in a planned shutdown for engineering work. Both telescopes will be closed while the NOIRLab IT team conducts its investigation and develops the recovery plan in consultation with NSF’s cyber specialists. There is currently no impact on other NOIRLab infrastructure. Our highest priorities are to safely and securely resume observations, as well as to understand and learn from this incident.

We are grateful for the support and quick action by the NOIRLab IT security team, the Gemini operations staff, and from our partners and the community.

More information 

NSF’s NOIRLab (National Optical-Infrared Astronomy Research Laboratory), the US center for ground-based optical-infrared astronomy, operates the International Gemini Observatory (a facility of NSF, NRC–Canada, ANID–Chile, MCTIC–Brazil, MINCyT–Argentina, and KASI–Republic of Korea), Kitt Peak National Observatory (KPNO), Cerro Tololo Inter-American Observatory (CTIO), the Community Science and Data Center (CSDC), and Vera C. Rubin Observatory (operated in cooperation with the Department of Energy’s SLAC National Accelerator Laboratory). It is managed by the Association of Universities for Research in Astronomy (AURA) under a cooperative agreement with NSF and is headquartered in Tucson, Arizona. The astronomical community is honored to have the opportunity to conduct astronomical research on Iolkam Du’ag (Kitt Peak) in Arizona, on Maunakea in Hawai‘i, and on Cerro Tololo and Cerro Pachón in Chile. We recognize and acknowledge the very significant cultural role and reverence that these sites have to the Tohono O’odham Nation, to the Native Hawaiian community, and to the local communities in Chile, respectively.

Links

• NSF Cybersecurity Center of Excellence
• ResearchSOC
• Photos of the International Gemini Observatory
• Videos of the International Gemini Observatory

Contacts

Amanda Kocz
Communications Manager
NSF’s NOIRLab
Tel: +1 520 318 8591
Email: amanda.kocz@noirlab.edu