Space Surveillance Network:

Appropriate Controls Needed Over Data Access

GAO-02-402RNI: Published: Apr 22, 2002. Publicly Released: Apr 22, 2002.

Additional Materials:

Contact:

Robert E. Levin
(202) 512-3519
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Space surveillance involves the continuous detection, tracking, identification, cataloging, and monitoring of man-made objects orbiting the earth, including active and inactive satellites and space debris from spent rocket bodies and fragmentation. The U.S. Space Command maintains and operates the network and provides surveillance data to the National Aeronautics and Space Administration (NASA), which makes the data available via its website. Space Command officials said that users with access to space surveillance data could attempt to damage or jam satellites or move military and other assets at appropriate times to avoid detection. These security risks exist because NASA does not verify the identity of their website users, and unauthorized countries can still obtain the data. Although NASA manually checks Internet addresses to determine the locality given when a user registers for space surveillance information, the actual origination of that Internet address cannot be verified because it is possible to access the NASA website through intermediary websites or an Internet service provider in a country that has not been proscribed.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: DOD concurred with GAO's recommendation. USSpaceCom was tasked to work with NASA to provide an updated risk assessment by September 30, 2002. On August 7, 2002, DOD's point of contact alerted GAO that the USSpaceCom study had been completed and is in final review. On September 9, 2002, the Commander of the U.S. Space Command issued a memo stating that the security review had been completed. No formal study report supporting this memo was prepared.

    Recommendation: Given the potential effects of unauthorized access to space surveillance data, the Secretary of Defense and the Administrator of the National Aeronautics and Space Administration (NASA) should conduct a risk-based sensitivity assessment of all space surveillance information available on the NASA Web site. In conducting this assessment, the Department of Defense and NASA should consult the appropriate intelligence agencies.

    Agency Affected: Department of Defense

  2. Status: Closed - Implemented

    Comments: NASA concurred with GAO's recommendation. NASA was tasked to work with USSpaceCom to provide an updated risk assessment by September 30, 2002. On August 7, 2002, DOD's point of contact alerted GAO that the USSpaceCom study had been completed and is in final review. On September 9, 2002, the Commander of the U.S. Space Command issued a memo stating that the security review had been completed. No formal study report supporting this memo was prepared.

    Recommendation: Given the potential effects of unauthorized access to space surveillance data, the Secretary of Defense and the Administrator of the National Aeronautics and Space Administration (NASA) should conduct a risk-based sensitivity assessment of all space surveillance information available on the NASA Web site. In conducting this assessment, the Department of Defense and NASA should consult the appropriate intelligence agencies.

    Agency Affected: National Aeronautics and Space Administration

  3. Status: Closed - Not Implemented

    Comments: According to a NASA official, as a result of GAO's recommendation, U.S. Space Command completed a security assessment of the space surveillance data that is posted on NASA's website in September 2002. Based on this assessment performed by U.S. Space Command, it concluded that the data available on the NASA web site poses no potential security risk. As such, NASA considers the recommendation to establish a process commensurate with risk to ensure that access to such information is controlled unnecessarily. NASA and DOD are taking no further action on this recommendation.

    Recommendation: In order to make NASA's restrictions to its Web site effective, the Administrator of NASA should establish a process, commensurate with the risk, to ensure that access to such information is controlled.

    Agency Affected: National Aeronautics and Space Administration

 

Explore the full database of GAO's Open Recommendations »

Sep 8, 2016

Jul 27, 2016

Jul 22, 2016

Jun 22, 2016

Mar 30, 2016

Feb 25, 2016

Dec 17, 2015

Dec 10, 2015

Oct 8, 2015

Looking for more? Browse all our products here