Space Systems Loral (SSL) filed a lawsuit on Wednesday alleging Orbital ATK [OA] stole its proprietary data relating to the NASA Dragonfly project.
In the filing in the U.S. District Court for the Eastern District of Virginia, SSL alleged NASA Marshall Space Flight Center notified SSL last December that an employee of Orbital ATK accessed files on NASA’s NX server, at the administration’s Langley Research Center, beyond the files they were authorized to view.
The Dragonfly program intends to eventually develop a satellite that can be launched into space in a compact, stowed state and then assemble itself once in orbit. This kind of technology could allow the Defense Department to create larger satellites that could be packaged in pieces and launched inside a standard-sized vehicle (Defense Daily; Aug. 26, 2015).
SSL’s filing covers six counts: the Computer Fraud and Abuse Act, Defend Trade Secrets Act of 2016, Misappropriation of Trade Secrets under the Virginia commonwealth code, the Virginia Computer Crimes Act, conversion, and unjust enrichment.
NASA told SSL that at least four files containing SSL proprietary data were opened and/or viewed as part of the data breach and the files containing the proprietary information had been accessed by up to six Orbital ATK employees. NASA notified SSL that it was conducting an investigation and that Orbital ATK was also conducting an internal investigation into the breach.
SSL said it asked Orbital ATK to answer several questions about the scope and impact of the data breach including the number of employees involved in the breach and the roles and responsibilities of such employees. SSL also asked how and why the Orbital ATK personnel accessed SSL’s files; what the employees did with the accessed information; how, why, and to whom SSL’s proprietary information was disseminated; whether Orbital ATK and/or its employees still possess this information; and how and when Orbital ATK first became aware of the data breach.
SSL said on Dec. 31 Orbital ATK sent SSL a one-page letter admitting to the unauthorized access of the data and that it had terminated the employees “whose actions violated [Orbital ATK’s] ethics policy.” However, SSL claimed the letter provided no further details about the breach of the NASA NX server nor did it address how up to six employees accessed the information. The company said Orbital ATK has thus far not responded to SSL requests for more information on the breach or confirm it was limited to the four documents NASA identified.
“Accordingly, SSL is unable to assess the extent of the damage Orbital ATK’s conduct has caused and/or continues to cause and does not know what actions may be necessary to mitigate, if possible, any damage caused to SSL or to prevent future damage to SSL,” the company said in the filing.
SSL said without sufficient information to assess the damage caused by the incident and devoid of any other resource to protect itself, it is seeking the court’s intervention to protect its confidential, proprietary, and sensitive information and to also redress the damage caused by the unauthorized access.
In the lawsuit, SSL says two of the documents identified by NASA contain extensive and detailed non-public information regarding implementation of the Dragonfly project between NASA and SSL. This includes a working plan outlining the project’s objective, the technical approach of the project and details regarding the organizational structure and management approach for implementing the Dragonfly project between SSL and NASA personnel. It also includes detailed system engineering information, specifics about the design and implementation plans for the technology proposed by SSL and information regarding product realization and resource requirements.
The first two documents also lay out assignments, timeframes and reporting requirements for the phases and tasks for implementation of the Dragonfly program.
The third document provides a detailed overview and implementation plan for the project, identifying staffing plans and details of the work to be completed and technology implemented in each phase of the program. This document also includes diagrams and pictures of the technology and hardware to be developed through the Dragonfly program, “thus providing a roadmap to SSL’s project plans and proposed technologies,” SSL said.
The fourth document is a copy of the company’s revised Technical, Management and Cost Proposal for the project, a revised version of the proposal materials submitted to NASA in response to the original 2015 Tipping Point Solicitation.
“This document alone is a treasure trove of information for SSL’s competitors as it provides the architecture for the Dragonfly program,” the filing said.
SSL’s lawsuit asked for an award of compensatory, disgorgement, and punitive damages against Orbital ATK in excess of $100,000 to be proven at trial, in addition to attorneys’ fees and expenses. Orbital ATK was unable to respond to a request for comment by press time Thursday.