For more than 60 years, NASA has been breaking barriers to achieve the seemingly impossible—from walking on the Moon to pushing the boundaries of human spaceflight farther than ever before. We work in space and around the world in laboratories and wind tunnels, on airfields and in control rooms to explore some of life’s fundamental mysteries: What’s out there in space? How do we get there? And what can we learn that will make life better here on Earth? We are passionate professionals united by a common purpose: to pioneer the future in space exploration, scientific discovery and aeronautics research. Today, we continue NASA’s legacy of excellence and innovation through an unprecedented array of missions. We are developing the most advanced rockets and spacecraft ever designed, studying the Earth for answers to critical challenges facing our planet, improving the air transportation experience, and so much more. Join us as we reach for new heights and reveal the unknown for the benefit of humanity.

NASA - National Aeronautics and Space Administration A.I CyberSecurity Scoring

Company Details

LinkedIn ID: nasa
Employees number: 46,373
Number of followers: 6,831,578
NAICS: 3364
Industry Type: Aviation and Aerospace Component Manufacturing
Homepage: nasa.gov
IP Addresses: 0
Company ID: NAS_4658716
Scan Status: In-progress

NASA Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
NASA Company CyberSecurity News & History

Past Incidents: 4
Attack Types: 3

NASA
Breach
Severity: 100
Impact:
Seen: 6/2025
Rankiteo Explanation
Attack threatening the organization’s existence

Description: A small but persistent air leak in a Russian compartment of the International Space Station has prompted NASA and Axiom Space to indefinitely delay the launch of a commercial flight to the orbiting outpost. The flight was delayed due to high winds and an oxygen leak in the Falcon 9 rocket's first stage. NASA engineers needed more time to assess efforts to plug an air leak aboard the ISS in a Russian vestibule known as the PrK. The PrK serves as a passageway between the station's Zvezda module and spacecraft docked at its aft port.

NASA - National Aeronautics and Space Administration
Cyber Attack
Severity: 100
Impact: 5
Seen: 6/1999
Rankiteo Explanation
Attack threatening the organization's existence

Description: NASA’s computers were shut down for about 21 days by a young hacker in 1999. The hacker was able to gain access to 13 computers at the Marshall Space Flight Center and downloaded $1.7 million worth of NASA proprietary software. He was able to access thousands of messages, usernames, passwords, and source code for the International Space Station. The attack cost NASA a total of $41,000 to get systems back on track.

NASA (Artemis Program)
Cyber Attack
Severity: 100
Impact: 7
Seen: 7/1996
Rankiteo Explanation
Attack that could injure or kill people

Description: The article highlights critical cybersecurity vulnerabilities in NASA’s **Artemis program**, particularly in the next-generation spacesuits and onboard systems of crewed spacecraft. The lack of cybersecurity specifications in spacesuit design proposals exposes missions to severe risks, including **malware or ransomware attacks** that could compromise life-support systems (e.g., air filters), steal proprietary/national secrets, or manipulate safety-critical operations. The integrated nature of spacecraft systems—where internal networks trust each other implicitly—amplifies threats, as malicious actors (crew, tourists, or external hackers) could exploit weak authentication to gain full control. Unlike terrestrial IT threats, space-based attacks could escalate to **life-or-death consequences** due to the unforgiving environment. The absence of modern safeguards like **zero-trust protocols** or ethical hacking frameworks further exacerbates risks, with potential for **catastrophic system failures** during missions. Experts warn that outdated 'security by obscurity' approaches are insufficient against evolving threats, including **ransomware-driven sabotage** or targeted attacks on crew safety.

NASA
Vulnerability
Severity: 25
Impact: 1
Seen: 5/2025
Rankiteo Explanation
Attack without any consequences

Description: Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems. Security researcher Leon Juranić discovered stack-based buffer overflow vulnerabilities in NASA’s software, which could allow for remote code execution. These vulnerabilities were found in tools such as QuIP, OpenVSP, RHEAS, OMINAS, Refine, CFDTOOLS, and the knife library. Juranić also found reflected XSS vulnerabilities and hard-coded secret values in NASA’s web applications. State-sponsored threat actors could exploit these flaws to compromise NASA's systems and those of other institutions using the vulnerable software.

Underwriter Stats for NASA

Incidents vs Aviation and Aerospace Component Manufacturing Industry Average (This Year)

NASA - National Aeronautics and Space Administration has 257.14% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

NASA - National Aeronautics and Space Administration has 207.69% more incidents than the average of all companies with at least one recorded incident.

Incident Types NASA vs Aviation and Aerospace Component Manufacturing Industry Avg (This Year)

NASA - National Aeronautics and Space Administration reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 1 vulnerability, 1 data breach, compared to industry peers with at least 1 incident.

[Chart: Incident History, NASA (X = Date, Y = Severity). NASA cyber incidents detection timeline including parent company and subsidiaries.]

NASA Similar Companies

Blue Origin

We are building a road to space for the benefit of Earth, humanity’s blue origin. Our team is focused on radically reducing the cost of access to space and harnessing its vast resources while mobilizing future generations to realize this mission. Blue Origin builds reusable rocket engines, launch ve

Pratt & Whitney

Pratt & Whitney, an RTX business, is a global leader in propulsion systems, powering the most advanced aircraft in the world, and we are shaping the future of aviation. Our engines help connect people, grow economies and defend freedom. Our customers depend on us to get where they’re going and back

Airbus

Airbus pioneers sustainable aerospace for a safe and united world. The Company constantly innovates to provide efficient and technologically-advanced solutions in aerospace, defence, and connected services. In commercial aircraft, Airbus designs and manufactures modern and fuel-efficient airliners

B/E Aerospace

B/E Aerospace is now part of Rockwell Collins. With the acquisition of B/E Aerospace in April 2017, Rockwell Collins is now a world leader in designing, developing and manufacturing cabin interior products and services that deliver innovation, reliability and efficiency. Our broad range of offeri

Federal Aviation Administration

The FAA is on the leading edge of a new frontier in commercial space transportation, building the next generation (NextGen) of satellite-based navigation systems, and fostering the safe integration of unmanned aerial systems into our airspace. We can only dream of what the next 50 years of American

Bombardier

Bombardier is a global leader in aviation, focused on designing, manufacturing, and servicing the world's most exceptional business jets. Bombardier’s Challenger and Global aircraft families are renowned for their cutting-edge innovation, cabin design, performance, and reliability. Bombardier has a

At CAE, we equip people in critical roles with the expertise and solutions to create a safer world. As a technology company, we digitalize the physical world, deploying simulation training and critical operations support solutions. Above all else, we empower pilots, airlines, defence and security fo

SpaceX

SpaceX designs, manufactures and launches the world’s most advanced rockets and spacecraft. The company was founded in 2002 by Elon Musk to revolutionize space transportation, with the ultimate goal of making life multiplanetary. SpaceX has gained worldwide attention for a series of historic mil

Embraer

A global aerospace company headquartered in Brazil, Embraer has businesses in Commercial and Executive Aviation, Defense & Security, and Agricultural Aviation. The company designs, develops, manufactures and markets aircraft and systems, providing Services and Support to customer after-sales. Sinc

NASA CyberSecurity News

September 29, 2025 07:00 AM
The Wrap: CISA Kicks Off Cybersecurity Awareness Month; SAMOSA Is Back; Saving NASA Funding

September 13, 2025 07:00 AM
NASA Bans Chinese Nationals Amid Rising "Space Race" Tensions

TEMPO.CO, Jakarta - The United States' National Aeronautics and Space Administration (NASA) has officially banned Chinese nationals from...

September 11, 2025 07:00 AM
NASA bars Chinese citizens from its facilities, networks, even Zoom calls

NASA has barred Chinese nationals from accessing its premises and assets, even those who hold visas that permit them to reside in the USA.

September 10, 2025 07:00 AM
NASA Blocks Chinese Citizens With US Visas From Working on Space Programs

NASA has blocked Chinese citizens with US visas from working on agency programs, people familiar with the matter said, as Washington...

August 06, 2025 07:00 AM
How a Young Cybersecurity Prodigy Made NASA’s Hall of Fame

Widowed by COVID-19, Pooja rebuilt life with Adani Cement's support. Today, her teenage son Vansh is honoured at one of the most prestigious...

July 07, 2025 07:00 AM
NASA has half-baked risk management for cybersecurity, scathing report finds

A GAO report flags poor documentation, weak controls, and half-baked risk oversight as enduring threats to NASA's mission integrity.

July 01, 2025 07:00 AM
NASA’s FY 2026 Discretionary Budget Prioritizes Deep Space Exploration

Winning the space race drives NASA's $18.8B FY 2026 Discretionary Budget request and increases small business opportunities under realigned...

June 27, 2025 07:00 AM
GAO finds NASA’s cyber risk practices inadequate, raising concerns over space project security and risk management

Following a review of the cybersecurity risk management at the National Aeronautics and Space Administration (NASA), the U.S. Government...

June 18, 2025 07:00 AM
DIP Overview

Challenges. Current day air traffic management systems are segmented by domain, operator groups, and solution provider groups, which creates...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

NASA CyberSecurity History Information

Official Website of NASA - National Aeronautics and Space Administration

The official website of NASA - National Aeronautics and Space Administration is http://www.nasa.gov.

NASA - National Aeronautics and Space Administration’s AI-Generated Cybersecurity Score

According to Rankiteo, NASA - National Aeronautics and Space Administration’s AI-generated cybersecurity score is 799, reflecting their Fair security posture.

How many security badges does NASA - National Aeronautics and Space Administration have?

According to Rankiteo, NASA - National Aeronautics and Space Administration currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does NASA - National Aeronautics and Space Administration have SOC 2 Type 1 certification ?

According to Rankiteo, NASA - National Aeronautics and Space Administration is not certified under SOC 2 Type 1.

Does NASA - National Aeronautics and Space Administration have SOC 2 Type 2 certification ?

According to Rankiteo, NASA - National Aeronautics and Space Administration does not hold a SOC 2 Type 2 certification.

Does NASA - National Aeronautics and Space Administration comply with GDPR ?

According to Rankiteo, NASA - National Aeronautics and Space Administration is not listed as GDPR compliant.

Does NASA - National Aeronautics and Space Administration have PCI DSS certification ?

According to Rankiteo, NASA - National Aeronautics and Space Administration does not currently maintain PCI DSS compliance.

Does NASA - National Aeronautics and Space Administration comply with HIPAA ?

According to Rankiteo, NASA - National Aeronautics and Space Administration is not compliant with HIPAA regulations.

Does NASA - National Aeronautics and Space Administration have ISO 27001 certification ?

According to Rankiteo, NASA - National Aeronautics and Space Administration is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of NASA - National Aeronautics and Space Administration

NASA - National Aeronautics and Space Administration operates primarily in the Aviation and Aerospace Component Manufacturing industry.

Number of Employees at NASA - National Aeronautics and Space Administration

NASA - National Aeronautics and Space Administration employs approximately 46,373 people worldwide.

Subsidiaries Owned by NASA - National Aeronautics and Space Administration

NASA - National Aeronautics and Space Administration presently has no subsidiaries across any sectors.

NASA - National Aeronautics and Space Administration’s LinkedIn Followers

NASA - National Aeronautics and Space Administration’s official LinkedIn profile has approximately 6,831,578 followers.

NAICS Classification of NASA - National Aeronautics and Space Administration

NASA - National Aeronautics and Space Administration is classified under the NAICS code 3364, which corresponds to Aerospace Product and Parts Manufacturing.

NASA - National Aeronautics and Space Administration’s Presence on Crunchbase

No, NASA - National Aeronautics and Space Administration does not have a profile on Crunchbase.

NASA - National Aeronautics and Space Administration’s Presence on LinkedIn

Yes, NASA - National Aeronautics and Space Administration maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/nasa.

Cybersecurity Incidents Involving NASA - National Aeronautics and Space Administration

As of December 10, 2025, Rankiteo reports that NASA - National Aeronautics and Space Administration has experienced 4 cybersecurity incidents.

Number of Peer and Competitor Companies

NASA - National Aeronautics and Space Administration has an estimated 2,675 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at NASA - National Aeronautics and Space Administration ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Cyber Attack and Breach.

What was the total financial impact of these incidents on NASA - National Aeronautics and Space Administration ?

Total Financial Loss: The total financial loss from these incidents is estimated to be $41 thousand.

How does NASA - National Aeronautics and Space Administration detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through the following measures:
  • Containment measures: closing the hatch leading to the PrK and the station's aft docking compartment during daily operations
  • Remediation measures: patching suspect crack and other possible sources of leakage; proposed: zero-trust protocols for spacecraft systems; proposed: segmentation of safety-critical operations; proposed: malware scanning for passenger devices (space TSA equivalent); proposed: ethical hacking programs to identify vulnerabilities
  • Communication strategy: public disclosure via IEEE Aerospace Conference paper; media coverage (e.g., IEEE Journal Watch); calls for national/international policy changes
  • Network segmentation: proposed for future systems
  • Enhanced monitoring: proposed for crewed missions

Incident Details

Can you provide details on each incident ?

Incident : Cyber Attack

Title: NASA Cyber Attack by Hacker in 1999

Description: NASA’s computers were shut down for about 21 days by a young hacker in 1999. The hacker was able to gain access to 13 computers at the Marshall Space Flight Center and downloaded $1.7 million worth of NASA proprietary software. He was able to access thousands of messages, usernames, passwords, and source code for the International Space Station. The attack cost NASA a total of $41,000 to get systems back on track.

Type: Cyber Attack

Attack Vector: Unauthorized Access

Threat Actor: Young Hacker

Incident : Vulnerability Exploitation

Title: Vulnerabilities in NASA Open Source Software

Description: Vulnerabilities in open source software developed and used in-house by NASA were discovered by Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities were found in tools such as QuIP, OpenVSP, RHEAS, OMINAS, Refine, CFDTOOLS, and the knife library. These vulnerabilities include stack-based buffer overflows, reflected cross site scripting (XSS), and hard-coded secret values, which could be exploited for remote code execution.

Type: Vulnerability Exploitation

Attack Vector: Exploitation of vulnerabilities in software

Vulnerability Exploited: Stack-based buffer overflow, Reflected cross site scripting (XSS), Hard-coded secret values

Threat Actor: Potential state-sponsored threat actors

Motivation: To compromise computer systems at NASA and other institutions using the vulnerable software

Incident : Hardware Malfunction

Title: Air Leak in Russian Compartment of the International Space Station

Description: Concern about a small but persistent air leak in a Russian compartment of the International Space Station has prompted NASA and Axiom Space to indefinitely delay this week's launch of a commercial flight to the orbiting outpost.

Date Detected: 2019

Type: Hardware Malfunction

Vulnerability Exploited: Aging hardware

Incident : Research Warning

Title: Potential Cybersecurity Vulnerabilities in Crewed Spacecraft Systems (Artemis Program and Beyond)

Description: A research paper presented at the 2023 IEEE Aerospace Conference highlights critical cybersecurity gaps in next-generation spacesuits and crewed spacecraft systems, including NASA's Artemis program. The study, led by Gregory Falco (Johns Hopkins), warns of risks such as malware/ransomware attacks via crew members (as attackers, vectors, collateral, or targets), theft of proprietary secrets, and sabotage of life-support systems. The lack of cybersecurity specifications in spacesuit designs and outdated 'security by obscurity' approaches are key concerns. Experts advocate for zero-trust protocols, ethical hacking, and space-specific security paradigms to mitigate risks in the high-stakes environment of human spaceflight.

Date Publicly Disclosed: 2023-03-00

Type: Research Warning

Attack Vector:
  • Proximity-based malware/ransomware installation via crew members
  • Exploitation of trusted internal spacecraft networks (lack of zero-trust)
  • Compromised crew devices (e.g., space tourists' digital equipment)
  • Sabotage of safety-critical systems (e.g., air filters, life support)
  • Theft of proprietary/national secrets via insider threats

Vulnerability Exploited:
  • Absence of cybersecurity specifications in Artemis spacesuit designs
  • 'Security by obscurity' (bespoke systems assumed secure due to complexity)
  • Full-access trust model for onboard systems
  • Lack of segmentation between safety-critical and non-critical operations
  • No malware scanning for passenger devices (space tourism)

Threat Actor:
  • State-sponsored actors (e.g., from space-dominant nations like U.S., China)
  • Space tourists with malicious intent
  • Manipulated crew members (coerced or unwitting)
  • Cybercriminals targeting ransomware opportunities
  • Insider threats (crew as attackers)

Motivation:
  • Espionage (theft of proprietary/national secrets)
  • Financial gain (ransomware)
  • Sabotage (disrupting missions or endangering crew)
  • Geopolitical advantage in space race
  • Proof-of-concept attacks (e.g., ethical hackers exposing flaws)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through: compromised crew/passenger devices; trusted internal networks (lack of access controls); physical proximity exploits (e.g., USB drives and maintenance ports).

Impact of the Incidents

What was the impact of each incident ?

Incident : Cyber Attack NAS214223222

Financial Loss: $41,000

Data Compromised: Messages, Usernames, Passwords, Source code for the international space station

Systems Affected: 13 computers at the Marshall Space Flight Center

Downtime: 21 days

Incident : Vulnerability Exploitation NAS829052725

Systems Affected: QuIP, OpenVSP, RHEAS, OMINAS, Refine, CFDTOOLS, knife library

Incident : Hardware Malfunction NAS449061725

Systems Affected: Russian compartment (PrK) of the ISS, Zvezda module

Downtime: Indefinite delay of Axiom-4 launch

Operational Impact: Delay in space missions

Incident : Research Warning NAS2215122102825

Data Compromised: Proprietary spacecraft designs, National security secrets, Crew personal data, Mission-critical operational data

Systems Affected:
  • Next-generation spacesuits (Artemis program)
  • Life-support systems (e.g., air filters)
  • Onboard computer networks
  • Communication links
  • Safety-critical operational systems

Operational Impact:
  • Potential mission failure or abort
  • Loss of crew trust in systems
  • Delayed spaceflight programs (e.g., Artemis)
  • Increased scrutiny from regulatory bodies
  • Need for emergency protocol overhauls

Brand Reputation Impact:
  • Erosion of public trust in space agencies (e.g., NASA)
  • Negative perception of space tourism safety
  • Potential investor hesitation in commercial space ventures

Legal Liabilities:
  • Violations of emerging space cybersecurity regulations
  • Liability for crew endangerment or fatalities
  • International disputes over state-sponsored attacks

Identity Theft Risk: Crew personal data exposure

What is the average financial loss per incident ?

Average Financial Loss: The average financial loss per incident is $10.25 thousand.

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Proprietary Software, Messages, Usernames, Passwords, Source Code, Hypothetical: Proprietary Spacecraft Data, Crew Personal Information and Mission Operational Data.

Which entities were affected by each incident ?

Incident : Cyber Attack NAS214223222

Entity Name: NASA

Entity Type: Government Agency

Industry: Aerospace

Incident : Vulnerability Exploitation NAS829052725

Entity Name: NASA

Entity Type: Government Agency

Industry: Aerospace

Location: United States

Incident : Hardware Malfunction NAS449061725

Entity Name: NASA

Entity Type: Government Agency

Industry: Space Exploration

Location: Houston, Texas

Incident : Hardware Malfunction NAS449061725

Entity Name: Axiom Space

Entity Type: Private Company

Industry: Space Exploration

Incident : Hardware Malfunction NAS449061725

Entity Name: Roscosmos

Entity Type: Government Agency

Industry: Space Exploration

Location: Russia

Incident : Research Warning NAS2215122102825

Entity Name: NASA

Entity Type: Government Space Agency

Industry: Aerospace/Defense

Location: United States

Size: Large

Incident : Research Warning NAS2215122102825

Entity Name: Artemis Program

Entity Type: Spaceflight Mission

Industry: Space Exploration

Location: International (led by U.S.)

Incident : Research Warning NAS2215122102825

Entity Name: China National Space Administration (CNSA)

Entity Type: Government Space Agency

Industry: Aerospace/Defense

Location: China

Size: Large

Incident : Research Warning NAS2215122102825

Entity Name: Tiangong Space Station

Entity Type: Space Station

Industry: Space Exploration

Location: Low Earth Orbit (China-led)

Incident : Research Warning NAS2215122102825

Entity Name: Commercial Space Tourism Companies

Entity Type: Private Sector

Industry: Space Tourism

Location: Global

Size: Varies (Startups to Large)

Customers Affected: Potential space tourists

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Hardware Malfunction NAS449061725

Containment Measures: Closing the hatch leading to the PrK and the station's aft docking compartment during daily operations

Remediation Measures: Patching suspect crack and other possible sources of leakage

Incident : Research Warning NAS2215122102825

Remediation Measures:
  • Proposed: Zero-trust protocols for spacecraft systems
  • Proposed: Segmentation of safety-critical operations
  • Proposed: Malware scanning for passenger devices (space TSA equivalent)
  • Proposed: Ethical hacking programs to identify vulnerabilities

Communication Strategy:
  • Public disclosure via IEEE Aerospace Conference paper
  • Media coverage (e.g., IEEE Journal Watch)
  • Calls for national/international policy changes

Network Segmentation: Proposed for future systems

Enhanced Monitoring: Proposed for crewed missions

Data Breach Information

What type of data was compromised in each breach ?

Incident : Cyber Attack NAS214223222

Type of Data Compromised: Proprietary software, Messages, Usernames, Passwords, Source code

Sensitivity of Data: High

Incident : Research Warning NAS2215122102825

Type of Data Compromised: Hypothetical: proprietary spacecraft data, Crew personal information, Mission operational data

Sensitivity of Data: High (national security, crew safety)

Data Exfiltration: Hypothetical: Via compromised crew devices or internal networks

Personally Identifiable Information: Hypothetical: Crew/Passenger PII

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Patching suspect crack and other possible sources of leakage, Proposed: Zero-trust protocols for spacecraft systems, Proposed: Segmentation of safety-critical operations, Proposed: Malware scanning for passenger devices (space TSA equivalent), Proposed: Ethical hacking programs to identify vulnerabilities.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by closing the hatch leading to the PrK and the station's aft docking compartment during daily operations.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Research Warning NAS2215122102825

Data Encryption: Hypothetical: Safety-critical systems

Data Exfiltration: Hypothetical: For double-extortion attacks

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Research Warning NAS2215122102825

Regulations Violated: Lack of compliance with emerging space cybersecurity standards

Regulatory Notifications: Call for new national/international policies (e.g., via UW Space Law Program)

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Vulnerability Exploitation NAS829052725

Lessons Learned: The importance of Secure Software Development Life Cycle (SDLC) practices, especially for government agencies and their contractors.

Incident : Research Warning NAS2215122102825

Lessons Learned: 'Security by obscurity' is insufficient for modern spacecraft, Crew members (including tourists) can be attack vectors, Zero-trust models are critical for life-support systems, Space cybersecurity requires bespoke solutions (not terrestrial copy-paste), Ethical hacking and red-teaming are underutilized in aerospace, Policy gaps exist at national and international levels

What recommendations were made to prevent future incidents ?

Incident : Vulnerability Exploitation NAS829052725

Recommendations: Improvement in NASA's software security processes and NASA's SRA (Software Release Authority) policy.

Incident : Research Warning NAS2215122102825

Recommendations: Mandate cybersecurity specifications in spacesuit/spacecraft RFPs, Adopt zero-trust architecture for all onboard systems, Implement segmentation between critical and non-critical operations, Establish a 'space TSA' to scan passenger devices for malware, Develop space-specific cybersecurity standards (e.g., via IEEE, ISO), Foster ethical hacking programs with legal protections for researchers, Create national legislation for space cybersecurity (U.S., China, etc.), Enhance international dialogue on space cyber threats, Invest in R&D for novel security paradigms (e.g., AI-driven anomaly detection), Prioritize crew training on cyber hygiene and insider threat awareness

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: The importance of Secure Software Development Life Cycle (SDLC) practices, especially for government agencies and their contractors; 'Security by obscurity' is insufficient for modern spacecraft; Crew members (including tourists) can be attack vectors; Zero-trust models are critical for life-support systems; Space cybersecurity requires bespoke solutions (not terrestrial copy-paste); Ethical hacking and red-teaming are underutilized in aerospace; Policy gaps exist at national and international levels.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Improvement in NASA's software security processes and NASA's SRA (Software Release Authority) policy.

References

Where can I find more information about each incident ?

Incident : Cyber Attack NAS214223222

Source: Cyber Incident Description

Incident : Vulnerability Exploitation NAS829052725

Source: Help Net Security

Incident : Hardware Malfunction NAS449061725

Source: CBS News/NASA

Incident : Research Warning NAS2215122102825

Source: IEEE Aerospace Conference 2023 Paper

Date Accessed: 2023-03-00

Incident : Research Warning NAS2215122102825

Source: IEEE Journal Watch (Partnership with IEEE Xplore)

Date Accessed: 2023-07-00

Incident : Research Warning NAS2215122102825

Source: 2019 IEEE Aerospace and Electronic Systems Review Paper (Satellite Cybersecurity)

Incident : Research Warning NAS2215122102825

Source: 2021 NASA Report on Cyber Incidents

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Cyber Incident Description; Help Net Security; CBS News/NASA; IEEE Aerospace Conference 2023 Paper (Date Accessed: 2023-03-00); IEEE Journal Watch (Partnership with IEEE Xplore) (Date Accessed: 2023-07-00); 2019 IEEE Aerospace and Electronic Systems Review Paper (Satellite Cybersecurity); 2021 NASA Report on Cyber Incidents.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Hardware Malfunction NAS449061725

Investigation Status: Ongoing

Incident : Research Warning NAS2215122102825

Investigation Status: Ongoing Research/Advocacy (No active incident; theoretical analysis)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through public disclosure via IEEE Aerospace Conference paper, media coverage (e.g., IEEE Journal Watch) and calls for national/international policy changes.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Research Warning NAS2215122102825

Stakeholder Advisories: Space agencies (NASA, CNSA, ESA, etc.), Commercial spaceflight companies (e.g., SpaceX, Blue Origin), Space tourism operators, National legislatures (e.g., U.S. Congress, China's NPC), International bodies (e.g., UN Office for Outer Space Affairs), Aerospace industry standards organizations (e.g., IEEE, ISO).

Customer Advisories: Future Artemis crew members; Space tourists; Astronauts on Tiangong Space Station; Commercial spaceflight passengers

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides advisories following an incident to: Space agencies (NASA, CNSA, ESA, etc.), Commercial spaceflight companies (e.g., SpaceX, Blue Origin), Space tourism operators, National legislatures (e.g., U.S. Congress, China's NPC), International bodies (e.g., UN Office for Outer Space Affairs), Aerospace industry standards organizations (e.g., IEEE, ISO), Future Artemis crew members, Space tourists, Astronauts on Tiangong Space Station and Commercial spaceflight passengers.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Research Warning NAS2215122102825

Entry Point: Compromised crew/passenger devices, Trusted internal networks (lack of access controls), Physical proximity exploits (e.g., USB drives, maintenance ports)

Backdoors Established: Hypothetical: Persistent access via spacesuit or life-support systems

High Value Targets: Mission-critical operational data, Life-support system controls, Propulsion/navigation systems, Crew communication channels

Data Sold on Dark Web: Mission-critical operational data, Life-support system controls, Propulsion/navigation systems, Crew communication channels

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Hardware Malfunction NAS449061725

Root Causes: High cyclic fatigue caused by micro vibrations, Pressure and mechanical stress, Residual stress, Material properties, Environmental exposures

Incident : Research Warning NAS2215122102825

Root Causes: Lack of cybersecurity requirements in procurement (e.g., Artemis spacesuits), Over-reliance on 'security by obscurity', Absence of zero-trust models in spacecraft design, No standardized cybersecurity frameworks for space systems, Insufficient red-teaming/ethical hacking in aerospace, Policy gaps at national/international levels

Corrective Actions: Update NASA/CNSA cybersecurity policies for crewed missions, Integrate zero-trust and segmentation into spacecraft architecture, Fund R&D for space-specific security solutions, Establish legal frameworks for ethical hacking in aerospace, Develop 'space TSA' protocols for passenger device screening, Enhance crew training on cyber threats, Create international norms for space cybersecurity (via UN or bilateral agreements)

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: Proposed for crewed missions.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Update NASA/CNSA cybersecurity policies for crewed missions, Integrate zero-trust and segmentation into spacecraft architecture, Fund R&D for space-specific security solutions, Establish legal frameworks for ethical hacking in aerospace, Develop 'space TSA' protocols for passenger device screening, Enhance crew training on cyber threats, Create international norms for space cybersecurity (via UN or bilateral agreements).

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were: a young hacker; potential state-sponsored threat actors; state-sponsored actors (e.g., from space-dominant nations like U.S. and China); space tourists with malicious intent; manipulated crew members (coerced or unwitting); cybercriminals targeting ransomware opportunities; insider threats (crew as attackers).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was in 2019.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-03-00.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was $41,000.

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were messages, usernames, passwords, source code for the International Space Station, proprietary spacecraft designs, national security secrets, crew personal data and mission-critical operational data.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were: 13 computers at the Marshall Space Flight Center; QuIP, OpenVSP, RHEAS, OMINAS, Refine, CFDTOOLS and the knife library; Russian compartment (PrK) of the ISS; Zvezda module; Next-generation spacesuits (Artemis program); Life-support systems (e.g., air filters); Onboard computer networks; Communication links; Safety-critical operational systems.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was closing the hatch leading to the PrK and the station's aft docking compartment during daily operations.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were passwords, source code for the International Space Station, Mission-critical operational data, National security secrets, Crew personal data, usernames, Proprietary spacecraft designs and messages.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Policy gaps exist at national and international levels.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Develop space-specific cybersecurity standards (e.g., via IEEE, ISO); Mandate cybersecurity specifications in spacesuit/spacecraft RFPs; Create national legislation for space cybersecurity (U.S., China, etc.); Invest in R&D for novel security paradigms (e.g., AI-driven anomaly detection); Prioritize crew training on cyber hygiene and insider threat awareness; Enhance international dialogue on space cyber threats; Adopt zero-trust architecture for all onboard systems; Improvement in NASA's software security processes and NASA's SRA (Software Release Authority) policy; Foster ethical hacking programs with legal protections for researchers; Establish a 'space TSA' to scan passenger devices for malware; Implement segmentation between critical and non-critical operations.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident are 2021 NASA Report on Cyber Incidents, CBS News/NASA, Cyber Incident Description, IEEE Aerospace Conference 2023 Paper, Help Net Security, 2019 IEEE Aerospace and Electronic Systems Review Paper (Satellite Cybersecurity) and IEEE Journal Watch (Partnership with IEEE Xplore).

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory was issued to Space agencies (NASA, CNSA, ESA, etc.), Commercial spaceflight companies (e.g., SpaceX, Blue Origin), Space tourism operators, National legislatures (e.g., U.S. Congress, China's NPC), International bodies (e.g., UN Office for Outer Space Affairs) and Aerospace industry standards organizations (e.g., IEEE, ISO).

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory was issued to Future Artemis crew members, Space tourists, Astronauts on Tiangong Space Station and Commercial spaceflight passengers.

Initial Access Broker

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: High cyclic fatigue caused by micro vibrations; Pressure and mechanical stress; Residual stress; Material properties; Environmental exposures; Lack of cybersecurity requirements in procurement (e.g., Artemis spacesuits); Over-reliance on 'security by obscurity'; Absence of zero-trust models in spacecraft design; No standardized cybersecurity frameworks for space systems; Insufficient red-teaming/ethical hacking in aerospace; Policy gaps at national/international levels.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were: Update NASA/CNSA cybersecurity policies for crewed missions; Integrate zero-trust and segmentation into spacecraft architecture; Fund R&D for space-specific security solutions; Establish legal frameworks for ethical hacking in aerospace; Develop 'space TSA' protocols for passenger device screening; Enhance crew training on cyber threats; Create international norms for space cybersecurity (via UN or bilateral agreements).

Latest Global CVEs (Not Company-Specific)

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. The application retrieves employee names from the database and injects them directly into HTML <option> elements without proper escaping. This issue is fixed in version 3.5.5.

Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description

ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, an unauthenticated remote attacker can execute malicious JS code in Zitadel users' browsers. To carry out an attack, multiple user sessions need to be active in the same browser; however, account takeover is mitigated when using Multi-Factor Authentication (MFA) or Passwordless authentication. This issue is fixed in version 4.7.1.

Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Description

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.

Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Description

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.

Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=nasa' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.