
Space Surveillance Network: Appropriate Controls Needed Over Data Access

GAO-02-402RNI Published: Apr 22, 2002. Publicly Released: Apr 22, 2002.

Highlights

Space surveillance involves the continuous detection, tracking, identification, cataloging, and monitoring of man-made objects orbiting the earth, including active and inactive satellites and space debris from spent rocket bodies and fragmentation. The U.S. Space Command maintains and operates the network and provides surveillance data to the National Aeronautics and Space Administration (NASA), which makes the data available via its website. Space Command officials said that users with access to space surveillance data could attempt to damage or jam satellites or move military and other assets at appropriate times to avoid detection. These security risks exist because NASA does not verify the identity of its website users, and unauthorized countries can still obtain the data. Although NASA manually checks Internet addresses to determine the locality given when a user registers for space surveillance information, the actual origination of that Internet address cannot be verified because it is possible to access the NASA website through intermediary websites or an Internet service provider in a country that has not been proscribed.

Recommendations

Recommendations for Executive Action

Agency Affected: Department of Defense
Recommendation: Given the potential effects of unauthorized access to space surveillance data, the Secretary of Defense and the Administrator of the National Aeronautics and Space Administration (NASA) should conduct a risk-based sensitivity assessment of all space surveillance information available on the NASA Web site. In conducting this assessment, the Department of Defense and NASA should consult the appropriate intelligence agencies.
Status: Closed – Implemented
DOD concurred with GAO's recommendation. USSpaceCom was tasked to work with NASA to provide an updated risk assessment by September 30, 2002. On August 7, 2002, DOD's point of contact alerted GAO that the USSpaceCom study had been completed and is in final review. On September 9, 2002, the Commander of the U.S. Space Command issued a memo stating that the security review had been completed. No formal study report supporting this memo was prepared.

Agency Affected: National Aeronautics and Space Administration
Recommendation: Given the potential effects of unauthorized access to space surveillance data, the Secretary of Defense and the Administrator of the National Aeronautics and Space Administration (NASA) should conduct a risk-based sensitivity assessment of all space surveillance information available on the NASA Web site. In conducting this assessment, the Department of Defense and NASA should consult the appropriate intelligence agencies.
Status: Closed – Implemented
NASA concurred with GAO's recommendation. NASA was tasked to work with USSpaceCom to provide an updated risk assessment by September 30, 2002. On August 7, 2002, DOD's point of contact alerted GAO that the USSpaceCom study had been completed and is in final review. On September 9, 2002, the Commander of the U.S. Space Command issued a memo stating that the security review had been completed. No formal study report supporting this memo was prepared.

Agency Affected: National Aeronautics and Space Administration
Recommendation: In order to make NASA's restrictions to its Web site effective, the Administrator of NASA should establish a process, commensurate with the risk, to ensure that access to such information is controlled.
Status: Closed – Not Implemented
According to a NASA official, as a result of GAO's recommendation, U.S. Space Command completed a security assessment of the space surveillance data that is posted on NASA's website in September 2002. Based on this assessment performed by U.S. Space Command, it concluded that the data available on the NASA web site poses no potential security risk. As such, NASA considers the recommendation to establish a process commensurate with risk to ensure that access to such information is controlled to be unnecessary. NASA and DOD are taking no further action on this recommendation.

Topics

Computer security, Defense operations, Information resources management, Internet, Monitoring, Satellites, Websites, Space surveillance, Aeronautics, Security risks