NASA has released the findings from its investigation of the ill-fated crewed Boeing Starliner mission of 2024, and while it still isn’t sure of the root technical causes, it’s admitted that trusting Boeing to do a thorough job appears to have been a mistake. 

NASA administrator Jared Isaacman copped to leadership failures across the org during a press conference on Thursday, explaining that while there were definitely technical issues with Starliner during the manned flight that left astronauts Butch Wilmore and Suni Williams stranded on the International Space Station for months, those technical issues only arose because of leadership and oversight failures. 

“We returned the crew safely, but the path we took did not reflect NASA at our best,” Isaacman said. The NASA chief added that it was down to flight controllers and crew making the right decisions that resulted in the astronauts arriving safely on the ISS. 

“Had different decisions been made … the outcome of this mission could have been very different,” Isaacman said. 

NASA’s 311-page report [PDF] on the issue references known technical issues with Starliner, but puts the mission failure, which NASA has declared a type-A mishap, [PDF] down to organizational issues.

Problems with the craft itself included inadequate testing of Starliner’s propulsion system, low telemetry rates, and a lack of onboard data storage during two prior orbital flight tests resulting in insufficient flight data to properly diagnose anomalies, which in turn led to unexplained anomaly acceptance without root cause resolution. 

As for cultural issues at NASA, the space org admitted it had limited insight into subcontractor-level data, leaving it unable to verify the readiness of Starliner’s systems. In addition, schedule pressure “dictated a restrictive risk reduction initiative,” and the Commercial Crew Program’s (CCP) shared accountability model “was poorly understood and inconsistently applied,” leading to a lack or ownership of critical issues. 

“You can see in the report that inadequately-applied insight and lack of oversight … is because we had very high confidence in the manufacturer based on their past performance on other programs,” Isaacman said. Oops.

NASA further said in the report that the CCP’s emphasis on provider (i.e., Boeing) autonomy clashed with “NASA’s traditional culture of technical rigor,” and that CCP and Boeing’s leadership was perceived by NASA as “overly risk-tolerant and dismissive of dissenting views.” 

Organizationally, NASA concluded, it was too hands-off on Starliner’s development, Boeing was too reliant on subcontractors and had inadequate systems engineering, and the CCP was more focused on Starliner’s success than ensuring that the craft was safe. 

NASA didn’t push back on those cultural clashes enough, as Isaacman explained, leaving two astronauts lucky to be alive. 

“NASA permitted overarching programmatic objectives of having two providers capable of transporting astronauts to-and-from orbit, influence engineering and operational decisions, especially during and immediately after the mission,” Isaacman said. “We are correcting those mistakes.” 

Neither Isaacman nor associate NASA administrator Amit Kshatriya answered questions about whether there would be actual penalties or leadership shakeups at NASA or Boeing as a result of the clash of cultures and systemic failures at both organizations. The pair did make clear that NASA intends to continue with Starliner, and Boeing’s statement to The Register echoed the same. 

“In the 18 months since our test flight, Boeing has made substantial progress on corrective actions for technical challenges we encountered and driven significant cultural changes across the team that directly align with the findings in the report,” Boeing told us. “We’re working closely with NASA to ensure readiness for future Starliner missions and remain committed to NASA’s vision for two commercial crew providers.”

The report, and criticisms of CCP as prioritizing “provider success over technical rigor” raise another question: Is the CCP the safest and most effective approach to the future of the US space program when there’s a perfectly good, NASA-managed rocket in the form of the Space Launch System, which is preparing to eventually take astronauts back to the Moon? 

We put those questions to Isaacman, and he was unequivocal: CCP isn’t going anywhere.

“CCP is a very successful program,” Isaacman said. “It helped return American spaceflight capability after more than a decade after the Space Shuttle was retired.”

Isaacman said that NASA has been leveraging private industry expertise since the beginning of the space program. He didn’t directly address the question of whether allowing private industry to do the work itself was the best approach in light of NASA’s own admitted CCP culture failures. 

“Relying on industry to get us there is one of our strengths,” Isaacman said, before adding that NASA has work to do, too. “There are certainly things we can do better here to achieve our objectives, and step one is the conversation we’re having today.” ®

A cybersecurity official at the State Department called for the public and private sector to more tightly coordinate plans to transition their systems, devices and data to quantum-resistant encryption algorithms.

Gharun Lacy, Deputy Assistant Secretary for the Cyber and Technology Security Directorate at the Department of State, issued a challenge for cybersecurity defenders to view their own individual “post-quantum” encryption plans as a small part in a greater collective project to make the entire digital ecosystem more resilient against longer-term threats like quantum-enabled cyberattacks.

With adversaries like China able to target “entire ecosystems” for digital compromise, Lacy argued for the industries and sectors being plundered to come together in shared interest and create strong and consistent protections across society. In that context, modernization is about more than upgrading your technology or encryption.

“We have to defend holistically as an ecosystem,” said Lacy while speaking at CyberTalks, presented by CyberScoop, in Washington D.C. Thursday. “The organization that goes by themselves in modernization will not succeed.”

The State Department is exploring the potential for predictive attack chain analysis, using historical telemetry and planning to predict “where we’re going to be in the future.” Other countries are doing the same, he said, underscoring how challenges like data harvesting must be addressed for national security purposes.

Modernization plans must do more than update technology to perform the same security functions more effectively. They should also reshape the threat surface while “breaking some of the tendencies that are predictable from our historical data.”

“It’s not just about modernizing hardware, it’s not just about implementing AI faster,” said Lacy. “It’s about injecting that little segment of randomness that means the adversary that’s reading, 10, 20 years of our history cannot use that to deduce” our plans.

U.S. federal agencies and the private sector are working broadly towards the goal of having most or all high-risk systems, data and devices transitioned to newer post-quantum algorithms by 2035. This reflects the long-term nature of the threat, as no one can say for certain when a quantum computer capable of breaking some classical forms of encryption will arrive.

But the Trump administration and private sector cybersecurity officials have been mulling whether the risks around data harvesting and recent advances in quantum computing may merit faster timelines.

Lacy said the risk organizations face around data harvesting – or foreign nations collecting encrypted data today to break later with a quantum computer — will be “like an accordion,” presenting a threat that stretches across time. Individual organizations will need to do more than work with each other to execute their post quantum cryptographic plans. They will have to do it across generations, meaning “we cannot shift priority just because our leadership changes.”

“When you look at long horizon priorities of a nation state actor like China, that means that your data and the risk it poses to you will now outlive leadership cycles,” said Lacy.

Ravie LakshmananFeb 19, 2026Vulnerability / Network Security

Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges.

Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud.

The high-severity vulnerability, tracked as CVE-2026-26119, carries a CVSS score of 8.8 out of a maximum of 10.0

“Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network,” Microsoft said in an advisory released on February 17, 2026. “The attacker would gain the rights of the user that is running the affected application.”

Microsoft credited Semperis researcher Andrea Pierini with discovering and reporting the vulnerability. It’s worth mentioning that the security issue was patched by the tech giant in Windows Admin Center version 2511 released in December 2025. 

While the Windows maker makes no mention of this vulnerability being exploited in the wild, it has been tagged with an “Exploitation More Likely” assessment.

Technical details related to CVE-2026-26119 are presently under wraps, but that could change soon. In a post shared on LinkedIn, Pierini said the vulnerability could “allow a full domain compromise starting from a standard user” under certain conditions.