An Audit Report by NASA’s Office of Inspector General found that “six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable. Moreover, once inside the Agency-wide mission network, the attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple NASA’s operations.”
The IG report warned that “the Agency is vulnerable to computer incidents that could have a severe to catastrophic adverse effect on Agency assets, operations, or personnel.”
One the Report’s two recommendations was for NASA to “Add as a security control continuous monitoring of their mission computer networks for Internet-accessible computers and take prompt action to mitigate identified risks.”
Attached below is the complete audit report.