Affected NSF Observatories Under Cyberattack in Chile and Hawaii
Since the summer of 2023, several observatories run by the US National Science Foundation experienced coordinated cyber intrusions impacting facilities in Chile and Hawaii. Reports from Science describe the incident as a mysterious cyber intrusion because many details remain unclear and the full extent of the breach is still under investigation.
The attacks began in the early days of August and prompted immediate action at multiple sites. Internal notifications indicated that staff were not briefed with full disclosure as technicians and administrators worked around the clock to restore normal operations and prepare for rapid reactivation of the affected instruments. The situation required careful assessment by security teams, engineers, and telescope operators to understand the attack vectors and to implement safeguards against further spread.
The consequences were disruptive. Ten observatories halted routine operations for more than two weeks, and several more facilities operated only in a limited capacity. On those limited sites, observers could still conduct personal measurements, but remote control of the telescopes and data collection pipelines were temporarily unavailable. The pause in activity affected a range of scientific programs, from time-domain astronomy to calibration campaigns that depend on continuous instrument availability.
Among the facilities impacted were major telescopes such as Gemini North, the Victor M. Blanco Telescope, and the Southern Astrophysical Research telescope. These platforms form a critical portion of ground-based surveying and follow-up capabilities used by researchers across North America and beyond. To reduce the risk of further disruption or damage, the operators implemented stringent containment measures, including temporary suspension of remote access and tightened security protocols. The goal was to prevent any residual access from enabling additional interference while the systems were being hardened and validated before resuming normal operations.
The episode has raised questions about the resilience of large astronomical infrastructures to cyber threats, the adequacy of incident response processes, and the importance of layered defense for complex, dispersed observatories. Analysts note that professional, mission-critical systems must balance openness with robust protection to protect valuable data and ensure the safety of sensitive equipment in remote locations. As the investigation progresses, the scientific community awaits a clearer report outlining the cause, the attackers’ methods, and the steps taken to prevent a recurrence. The emphasis remains on rapid recovery, transparent communication with stakeholders, and ongoing enhancements to cyber security across the NSF network.
In related security developments, reports have referenced other cyber intrusion campaigns affecting critical infrastructure, underscoring a broader pattern of threats facing public science facilities. The emphasis in all cases is on preserving data integrity, safeguarding personnel, and maintaining continued access to essential observational capabilities. The overarching objective is to strengthen defenses without compromising the long-term research agenda that relies on these instruments for discovery and discovery-driven science.
Note: This summary reflects publicly discussed information concerning the incident and the subsequent recovery efforts. Attribution is provided to the involved journals and institutions as appropriate for ongoing coverage.