The U.S. Government Accountability Office (GAO) recently revealed that National Aeronautics and Space Administration (NASA) spacecraft development programs are deficient in mandatory cybersecurity controls as per acquisition policies and standards. This exposes the technology to potential cyber threats.

“A cyber incident could result in loss of mission data, decreased lifespan or capability of space systems, or the loss of control of space vehicles,” GAO said in the report.

GAO was tasked with examining the cybersecurity requirements outlined in NASA contracts for its spacecraft projects. 

The report evaluates the degree to which NASA integrated cybersecurity measures into selected spacecraft contracts and identifies whether any additional cybersecurity enhancements are necessary for its spacecraft acquisition policies and standards.

In its assessment, the GAO scrutinized NASA’s policies and standards related to spacecraft cybersecurity. 

To provide insight, the GAO selected a specific yet not broadly applicable sample of three spacecraft projects. These projects were chosen to represent various NASA centers and developmental stages and encompassed both robotic and human spaceflight endeavors. 

For each of these projects, the GAO analyzed pertinent contracts and project documentation and conducted interviews with project and cybersecurity personnel.

Earlier this year, a report by the Office of Inspector General (OIG) emphasized that NASA’s high-end computing (HEC) technologies require a comprehensive revamp to effectively compete with space research programs of other nations and maintain its leadership role.

The oversight body discovered that NASA’s supercomputing resources lack centralized management as a program or strategic service within the agency.

This fragmented oversight hampers NASA’s capacity to allocate resources efficiently, adjust to diverse mission requirements, and promptly respond to technological advancements.