SSL sues Orbital ATK over confidential data breach
Updated March 27.
WASHINGTON — Space Systems Loral (SSL) has filed a lawsuit against Orbital ATK after an employee of that company accessed sensitive information in a NASA computer system about SSL satellite servicing technologies.
The suit, filed March 22 in the U.S. District Court for the Eastern District of Virginia in Newport News, Virginia, is the latest development in a dispute involving the two companies and a government agency regarding the development of systems to service satellites.
In the suit, SSL says it was notified by NASA’s Marshall Space Flight Center in December that an unnamed individual, later determined to be an employee of Orbital ATK, accessed SSL documents related to a project called Dragonfly on a server at the NASA Langley Research Center in Virginia.
“Needless to say, we were shocked to find out this breach had occurred,” Steve Oldham, senior vice president for strategic business development at SSL, said of the lawsuit in a March 23 interview.
SSL had a contract with NASA Marshall, officially awarded last September, to work on Dragonfly under a program by NASA’s Space Technology Mission Directorate to support development of “tipping point” technologies. The Dragonfly project is intended to advance technology for the in-space assembly and repair of satellite antennas.
The documents accessed by the Orbital ATK employee, according to the suit, include Dragonfly project plans and technical information, as well as SSL’s proposal to NASA for the project. All were marked as SSL proprietary documents.
“This document alone,” the suit says of the proposal, “is a treasure trove of information for SSL’s competitors as it provides the architecture for the Dragonfly program, including SSL-developed technology and future technology in the highly competitive field of robotic satellite assembly, repair, and servicing.”
SSL said it contacted Orbital ATK with questions about the data breach, including which Orbital ATK employees viewed the documents and whether Orbital ATK still had them. Orbital ATK responded in a Dec. 31 letter stating that the employee who had accessed the documents from the NASA server had been fired, but did not provide additional information. SSL claims in the suit that NASA informed the company as many as six Orbital ATK employees accessed the documents.
“We asked Orbital what they had done, where the data had gone to, how it was being used, which people had seen it, and to confirm that the data was not being used in any of their activities,” Oldham said. “Orbital did not respond to that.”
In the suit, SSL requests a preliminary injunction requiring Orbital ATK to return all of the SSL documents still in its possession, followed by a permanent injunction requiring Orbital ATK to refrain from using any of those documents in its own projects. The suit doesn’t request monetary damages but does include a clause requesting “other and further relief the Court may deem just and appropriate.”
Oldham said SSL would leave it up to the court to determine what damage had been done. “The bell can’t be unrung. This information now resides in Orbital,” he said. “Satellite servicing is a huge potential business opportunity for the company, and this information can be used against us.” He added that the data breach had not affected SSL’s work with NASA on the Dragonfly project itself.
Rob Wyman, head of the office of communications at NASA Langley, said March 23 that Orbital ATK notified center officials in November that one of the company’s employees “had inappropriately accessed NASA and third-party documents in an online file storage system” at Langley while working on a space technology project proposal there.
“Langley took immediate action to restrict the access and initiated the appropriate investigations, which remain ongoing,” Wyman said, adding that the matter had also been referred to NASA’s Office of Inspector General.
An Orbital ATK spokesperson said March 24 that the company plans to fight the suit. “Orbital ATK is committed to and adheres to industry and government best practices in governance and ethics,” the spokesperson said, adding that the company took several steps after discovering the breach, including notifying NASA and quarantining the data “according to best practices.”
“As a result we believe that SSL’s complaints against us are without merit and we intend to defend against them vigorously,” the spokesperson said.
SSL filed its lawsuit a month and a half after Orbital ATK sued the Defense Advanced Research Projects Agency over a satellite servicing award it made to SSL. In its Feb. 7 suit, Orbital ATK alleged that DARPA’s Robotic Servicing of Geosynchronous Satellites (RSGS) program violated national space policy by funding a technology in competition with the private sector.
Orbital ATK is developing its own satellite servicing system, called the Mission Extension Vehicle (MEV), to initially dock with satellites in GEO and then maneuver them. The first MEV is scheduled for launch in late 2018 on a Proton. Later iterations of the concept, the company says, would include more advanced servicing technology.
Under the RSGS program, SSL will provide a satellite bus for a DARPA servicing payload. After conducting a series of demonstrations of the technology in orbit, including satellite refueling and repairs, SSL would be able to use the spacecraft for commercial servicing applications. SSL expects to complete the RSGS project by 2021.
Oldham said he saw the data breach and Orbital ATK’s lawsuit about the RSGS program as a coordinated effort to hinder SSL. “It’s pretty clear that the Orbital guys are pretty motivated to see our space robotics initiatives not work,” he claimed. “We have no choice. We have to protect our intellectual property.”
“It’s an unusual situation,” he acknowledged. “It’s not a situation we like being in. Lawsuits are expensive. But what can we do?”