NASA - National Aeronautics and Space Administration Company Cyber Security Posture
nasa.govFor more than 60 years, NASA has been breaking barriers to achieve the seemingly impossibleโfrom walking on the Moon to pushing the boundaries of human spaceflight farther than ever before. We work in space and around the world in laboratories and wind tunnels, on airfields and in control rooms to explore some of lifeโs fundamental mysteries: Whatโs out there in space? How do we get there? And what can we learn that will make life better here on Earth? We are passionate professionals united by a common purpose: to pioneer the future in space exploration, scientific discovery and aeronautics research. Today, we continue NASAโs legacy of excellence and innovation through an unprecedented array of missions. We are developing the most advanced rockets and spacecraft ever designed, studying the Earth for answers to critical challenges facing our planet, improving the air transportation experience, and so much more. Join us as we reach for new heights and reveal the unknown for the benefit of humanity.
N-NASA Company Details
nasa
47729 employees
6722214.0
336
Aviation and Aerospace Component Manufacturing
nasa.gov
Scan still pending
NAS_4658716
In-progress
N-NASA Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
N-NASA Global Score.png)
NASA - National Aeronautics and Space Administration Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
NASA - National Aeronautics and Space Administration Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| NASA - National Aeronautics and Space Administration | Cyber Attack | 100 | 5 | 01/1999 | NAS214223222 | Link | |
Rankiteo Explanation : Attack threatening the organization's existenceDescription: NASAโs computers were shut down for about 21 days by a young hacker in 1999. The hacker was able to gain access to 13 computers at the Marshall Space Flight Center and downloaded $1.7 million worth of NASA proprietary software. He was able to access thousands of messages, usernames, passwords, and source code for the International Space Station. The attack cost NASA a total of $41,000 to get systems back on track. | |||||||
| NASA | Vulnerability | 25 | 1 | 5/2025 | NAS829052725 | Link | |
Rankiteo Explanation : Attack without any consequencesDescription: Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems. Security researcher Leon Juraniฤ discovered stack-based buffer overflow vulnerabilities in NASAโs software, which could allow for remote code execution. These vulnerabilities were found in tools such as QuIP, OpenVSP, RHEAS, OMINAS, Refine, CFDTOOLS, and the knife library. Juraniฤ also found reflected XSS vulnerabilities and hard-coded secret values in NASAโs web applications. State-sponsored threat actors could exploit these flaws to compromise NASA's systems and those of other institutions using the vulnerable software. | |||||||
| NASA | Breach | 100 | 6/2025 | NAS449061725 | Link | ||
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: A small but persistent air leak in a Russian compartment of the International Space Station has prompted NASA and Axiom Space to indefinitely delay the launch of a commercial flight to the orbiting outpost. The flight was delayed due to high winds and an oxygen leak in the Falcon 9 rocket's first stage. NASA engineers needed more time to assess efforts to plug an air leak aboard the ISS in a Russian vestibule known as the PrK. The PrK serves as a passageway between the station's Zvezda module and spacecraft docked at its aft port. | |||||||
NASA - National Aeronautics and Space Administration Company Subsidiaries
For more than 60 years, NASA has been breaking barriers to achieve the seemingly impossibleโfrom walking on the Moon to pushing the boundaries of human spaceflight farther than ever before. We work in space and around the world in laboratories and wind tunnels, on airfields and in control rooms to explore some of lifeโs fundamental mysteries: Whatโs out there in space? How do we get there? And what can we learn that will make life better here on Earth? We are passionate professionals united by a common purpose: to pioneer the future in space exploration, scientific discovery and aeronautics research. Today, we continue NASAโs legacy of excellence and innovation through an unprecedented array of missions. We are developing the most advanced rockets and spacecraft ever designed, studying the Earth for answers to critical challenges facing our planet, improving the air transportation experience, and so much more. Join us as we reach for new heights and reveal the unknown for the benefit of humanity.
Access Data Using Our API
Get company history
Rapid.png)
N-NASA Cyber Security News
GAO finds NASAโs cyber risk practices inadequate, raising concerns over space project security and risk management
GAO reviewed NASA's policies and guidance regarding cybersecurity risk management. GAO selected a non-generalizable sample of two major projectsย ...
NASA has half-baked risk management for cybersecurity, scathing report finds
A GAO report flags poor documentation, weak controls, and half-baked risk oversight as enduring threats to NASA's mission integrity.
The Wrap: SSAโs Fourth CIO a Charm?; NASA Cyber Gaps; DIB Firms Take Warning
The Social Security Administration's Trump2-era revolving door for chief information officers keeps spinning like a top. The agency hasย ...
Space ISAC, NASA sign agreement to strengthen space security collaboration
The partnership is intended to promote the exchange of information on a range of space security challenges, including space weather,ย ...
NASA Focuses on Cybersecurity of Its Mission-Critical Software
The National Aeronautics and Space Administration is increasingly considering cybersecurity when evaluating software projects in order toย ...
Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements
The qui tam action alleges that Penn State, which solicits and receives research contracts from federal agencies, failed to comply with theย ...
DoD, GSA, NASA unite to boost cybersecurity workforce standards in FAR alignment with EO 13870
It is a fundamental resource in developing and supporting a prepared and effective cybersecurity workforce that enables consistentย ...
Penn State fined $1.25 million for failing to meet cyber requirements in federal contracts
The school was accused of failing to implement cybersecurity controls between 2018 and 2023, and after acknowledging the issues it allegedlyย ...
Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military
A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorizedย ...
N-NASA Similar Companies
Airbus Helicopters
Airbus is a leader in designing, manufacturing and delivering aerospace products, services and solutions to customers on a worldwide scale. Airbus strives to provide the most efficient helicopter solutions to its customers who serve, protect, save lives and safely carry passengers in demanding envi
SpaceX
SpaceX designs, manufactures and launches the worldโs most advanced rockets and spacecraft. The company was founded in 2002 by Elon Musk to revolutionize space transportation, with the ultimate goal of making life multiplanetary. SpaceX has gained worldwide attention for a series of historic mil
Flight Refuelling Ltd
Key Facts We have a deep understanding of how our equipment will be used and never lose sight of whatโs important to our customers. This insight enables us to design and manufacture products that have the critical functionality customers want and reduce the logistical burden for platforms that
Space Generation Advisory Council
The Space Generation Advisory Council in support of the United Nations Programme on Space Application (SGAC) is a non-governmental organisation which aims to represent students and young space professionals to the United Nations, States, and space agencies. SGAC has permanent observer status in the
Dassault Aviation
Dassault Aviation is a French aerospace company that shapes the future by designing and building military aircraft, business jets and space systems. Leader on the New Generation Fighter developed within the joint European program FCAS (Future Combat Air System) Designer and manufacturer of the Raf
Pratt & Whitney
Pratt & Whitney, an RTX business, is a global leader in propulsion systems, powering the most advanced aircraft in the world, and we are shaping the future of aviation. Our engines help connect people, grow economies and defend freedom. Our customers depend on us to get where theyโre going and back
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
N-NASA CyberSecurity History Information
How many cyber incidents has N-NASA faced?
Total Incidents: According to Rankiteo, N-NASA has faced 3 incidents in the past.
What types of cybersecurity incidents have occurred at N-NASA?
Incident Types: The types of cybersecurity incidents that have occurred incidents Cyber Attack, Vulnerability and Breach.
What was the total financial impact of these incidents on N-NASA?
Total Financial Loss: The total financial loss from these incidents is estimated to be $41 thousand.
How does N-NASA detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through containment measures with Closing the hatch leading to the PrK and the station's aft docking compartment during daily operations and remediation measures with Patching suspect crack and other possible sources of leakage.
Incident Details
Can you provide details on each incident?
Incident : Hardware Malfunction
Title: Air Leak in Russian Compartment of the International Space Station
Description: Concern about a small but persistent air leak in a Russian compartment of the International Space Station has prompted NASA and Axiom Space to indefinitely delay this week's launch of a commercial flight to the orbiting outpost.
Date Detected: 2019
Type: Hardware Malfunction
Vulnerability Exploited: Aging hardware
Incident : Vulnerability Exploitation
Title: Vulnerabilities in NASA Open Source Software
Description: Vulnerabilities in open source software developed and used in-house by NASA were discovered by Leon Juraniฤ, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities were found in tools such as QuIP, OpenVSP, RHEAS, OMINAS, Refine, CFDTOOLS, and the knife library. These vulnerabilities include stack-based buffer overflows, reflected cross site scripting (XSS), and hard-coded secret values, which could be exploited for remote code execution.
Type: Vulnerability Exploitation
Attack Vector: Exploitation of vulnerabilities in software
Vulnerability Exploited: Stack-based buffer overflow, Reflected cross site scripting (XSS), Hard-coded secret values
Threat Actor: Potential state-sponsored threat actors
Motivation: To compromise computer systems at NASA and other institutions using the vulnerable software
Incident : Cyber Attack
Title: NASA Cyber Attack by Hacker in 1999
Description: NASAโs computers were shut down for about 21 days by a young hacker in 1999. The hacker was able to gain access to 13 computers at the Marshall Space Flight Center and downloaded $1.7 million worth of NASA proprietary software. He was able to access thousands of messages, usernames, passwords, and source code for the International Space Station. The attack cost NASA a total of $41,000 to get systems back on track.
Type: Cyber Attack
Attack Vector: Unauthorized Access
Threat Actor: Young Hacker
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident?
Incident : Hardware Malfunction NAS449061725
Systems Affected: Russian compartment (PrK) of the ISS, Zvezda module
Downtime: Indefinite delay of Axiom-4 launch
Operational Impact: Delay in space missions
Incident : Vulnerability Exploitation NAS829052725
Systems Affected: QuIP, OpenVSP, RHEAS, OMINAS, Refine, CFDTOOLS, knife library
Incident : Cyber Attack NAS214223222
Financial Loss: $41,000
Data Compromised: messages, usernames, passwords, source code for the International Space Station
Systems Affected: 13 computers at the Marshall Space Flight Center
Downtime: 21 days
What is the average financial loss per incident?
Average Financial Loss: The average financial loss per incident is $13.67 thousand.
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are proprietary software, messages, usernames, passwords and source code.
Which entities were affected by each incident?
Incident : Hardware Malfunction NAS449061725
Entity Type: Government Agency
Industry: Space Exploration
Location: Houston, Texas
Incident : Hardware Malfunction NAS449061725
Entity Type: Government Agency
Industry: Space Exploration
Location: Russia
Incident : Vulnerability Exploitation NAS829052725
Entity Type: Government Agency
Industry: Aerospace
Location: United States
Response to the Incidents
What measures were taken in response to each incident?
Incident : Hardware Malfunction NAS449061725
Containment Measures: Closing the hatch leading to the PrK and the station's aft docking compartment during daily operations
Remediation Measures: Patching suspect crack and other possible sources of leakage
Data Breach Information
What type of data was compromised in each breach?
Incident : Cyber Attack NAS214223222
Type of Data Compromised: proprietary software, messages, usernames, passwords, source code
Sensitivity of Data: High
Data Exfiltration: True
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Patching suspect crack and other possible sources of leakage.
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through was Closing the hatch leading to the PrK and the station's aft docking compartment during daily operations.
Lessons Learned and Recommendations
What lessons were learned from each incident?
Incident : Vulnerability Exploitation NAS829052725
Lessons Learned: The importance of Secure Software Development Life Cycle (SDLC) practices, especially for government agencies and their contractors.
What recommendations were made to prevent future incidents?
Incident : Vulnerability Exploitation NAS829052725
Recommendations: Improvement in NASA's software security processes and NASA's SRA (Software Release Authority) policy.
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lessons learned from past incidents are The importance of Secure Software Development Life Cycle (SDLC) practices, especially for government agencies and their contractors.
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Improvement in NASA's software security processes and NASA's SRA (Software Release Authority) policy..
References
Where can I find more information about each incident?
Incident : Hardware Malfunction NAS449061725
Source: CBS News/NASA
Incident : Vulnerability Exploitation NAS829052725
Source: Help Net Security
Incident : Cyber Attack NAS214223222
Source: Cyber Incident Description
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: CBS News/NASA, and Source: Help Net Security, and Source: Cyber Incident Description.
Investigation Status
What is the current status of the investigation for each incident?
Incident : Hardware Malfunction NAS449061725
Investigation Status: Ongoing
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Hardware Malfunction NAS449061725
Root Causes: High cyclic fatigue caused by micro vibrations, Pressure and mechanical stress, Residual stress, Material properties, Environmental exposures
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Potential state-sponsored threat actors and Young Hacker.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2019.
Impact of the Incidents
What was the highest financial loss from an incident?
Highest Financial Loss: The highest financial loss from an incident was $41,000.
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were messages, usernames, passwords and source code for the International Space Station.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident were Russian compartment (PrK) of the ISS, Zvezda module and QuIP, OpenVSP, RHEAS, OMINAS, Refine, CFDTOOLS, knife library and 13 computers at the Marshall Space Flight Center.
Response to the Incidents
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Closing the hatch leading to the PrK and the station's aft docking compartment during daily operations.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were messages, usernames, passwords and source code for the International Space Station.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was The importance of Secure Software Development Life Cycle (SDLC) practices, especially for government agencies and their contractors.
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Improvement in NASA's software security processes and NASA's SRA (Software Release Authority) policy..
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident are CBS News/NASA, Help Net Security and Cyber Incident Description.
Investigation Status
What is the current status of the most recent investigation?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
