2009: NOAA had "significant" security weaknesses, per IG report
July 15, 2014 report: "Significant Security Deficiencies in NOAA's Information Systems Create Risks in its National Critical Mission," US Commerce Dept., Office of Inspector General.
Sept. 2014: NOAA computers were hacked by the Chinese
"A July (2014) report on
NOAA by the Inspector General for the Commerce Department--where NOAA
sits--criticized an array of "high-risk vulnerabilities" in the
security of NOAA’s satellite information and weather service systems. The
report echoed the views of a 2009 audit from the IG that said the
primary system that processes satellite data from two environmental and
meteorological systems had “significant security weaknesses, and that
“a security breach could have severe or catastrophic adverse effects.” The
watchdog’s previously unreleased report, obtained by the Post under a
Freedom of Information Act request, called for “immediate management
attention” and said NOAA’s security planning was so poor that the agency
had little idea how vulnerable its system was....The server had security protections, but the person compared the security to leaving a house protected by "just a screen door.""...
...................
Nov. 12, 2014, "Chinese hack U.S. weather systems, satellite network," Washington Post, by Mary Pat Flaherty, Jason Samenow, and Lisa Rein
"Hackers from China breached the federal weather network recently, forcing cybersecurity teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial uses, officials said.
The
intrusion occurred in late September but officials gave no indication
that they had a problem until Oct. 20,"...
[Ed. note: The Oct. 20 admission was only internally and to Congress. The truth wasn't admitted publicly until sometime in November.]
(continuing): "said three people familiar with
the hack and the subsequent reaction by the National Oceanic and
Atmospheric Administration, which includes the National Weather Service.
Even then, NOAA did not say its systems were compromised.
Officials also said that the agency did not notify the proper authorities when it learned of the attack.
NOAA officials declined to discuss the suspected source of the
attack, whether it affected classified data and the delay in
notification. NOAA said publicly last month that it was doing
“unscheduled maintenance” on its network, without saying a computer hack
had made that necessary.
In a statement released Wednesday, NOAA
spokesman Scott Smullen acknowledged the hacks and said “incident
response began immediately.” He said all systems were working again and
that forecasts were accurately delivered to the public. Smullen declined
to answer questions beyond his statement, citing an investigation into
the attack.
Determining the origin of cyberattacks is difficult, experts said,
and Chinese officials have denied repeated accusations that they intrude
in U.S. government computer systems for espionage or other purposes.
Geng
Shuang of the Chinese Embassy said the consulate was not aware of the
case and had not been contacted by the U.S. government about the
attacks.
“Cyberattack is quite common in today’s cyberspace,” he
said. “Jumping to conclusions on its origin without hard evidence is not
responsible at all.” The embassy also urged “relevant U.S. parties to
stop this kind of unfounded accusation.”
But NOAA confirmed to
Rep. Frank R. Wolf (R-Va.) that China was behind the attack, the
congressman said. Wolf has a long-standing interest in cybersecurity and
asked NOAA about the incident after an inquiry from The Washington
Post.
“NOAA told me it was a hack and it was China,” said Wolf,
who also scolded the agency for not disclosing the attack “and
deliberately misleading the American public in its replies.”
“They had an obligation to tell the truth,” Wolf said. “They covered it up.”
Commerce
Department Inspector General Todd Zinser said his office was not
notified of the breach until Nov. 4, well after he believes the hack
occurred. He said that is a violation of agency policy requiring any
security incident to be reported to his office within two days of
discovering the problem.
“We’re in the process of
looking into the matter, including why NOAA did not comply with the
requirements to notify law enforcement about the incident,” Zinser said.
Wolf said he did not know if the breach involved classified material or what information was accessed.
Confirmation of the NOAA hack followed an admission Monday by the U.S. Postal Service
that a suspected Chinese attack--also in September--compromised data
on 800,000 employees, including letter carriers on up through the
postmaster general.
NOAA officials also would not say whether the
attack removed material or inserted malicious software in its system,
which is used by civilian and military forecasters in the United States
and also feeds weather models at the main centers for Europe and Canada.
NOAA’s National Ice Center Web site also was down for a week in late October. The center is a partnership with the Navy and Coast Guard to monitor conditions for navigation.
The two-day outage skewed the accuracy of National Weather Service long-range forecasts slightly, according to NOAA.
The attack in September hit a Web server that connects to many NOAA computers, said one person familiar with the incursion. The server had security protections, but the person compared the security to leaving a house protected by “just a screen door.”
Smullen’s statement said that four sites were hit by the breach.
Weather
satellites orbit hundreds to thousands of miles above Earth and offer
continuous views of weather systems, such as hurricanes, thunderstorms
and cold fronts, while also measuring temperature and moisture at
different altitudes — all crucial bits that feed prediction models. To
get that information to the public, NOAA makes satellite data and
imagery publicly available through the Web, as well as file-transfer
networks for downloads.
NOAA has characterized its decision to
cut off satellite images as causing minimal disruption. But it has
previously touted those same systems as intrinsic to the nation’s
“environmental intelligence.”
NOAA satellites “provide critical
data for forecasts and warnings that are vital to every citizen and to
our economy as a whole,” NOAA Administrator Kathryn D. Sullivan said a
year ago.
Wolf said a hack could steal technical insights or cull
isolated information “that may not look significant until they’re put
with something else and then they become valuable.”
“The Chinese are stealing us blind,” Wolf said.
The
attack on NOAA joins a spate of cyber-espionage on federal systems
revealed recently, including an attack suspected from Russia that breached unclassified White House computer networks.
The
October satellite data outage meant that the National Weather Service
and centers around the world did not receive large amounts of
information.
“All the operational data sent via NOAA, which is
normally an excellent service, was lost,” said Stephen English, head of
the satellite section at the European Centre for Medium-Range Weather
Forecasts in Reading, England. The center is renowned for running a
highly advanced global weather prediction model that during Hurricane
Sandy in 2012, for example, aided evacuations and preparations in the
United States when it signaled that the superstorm would hit land rather
than hook out to sea.
The Rutgers University Global Snow Lab,
which provides daily snow cover updates for researchers and forecasters
using a data feed from the Ice Center, posted a notice on its Web site
that its reports were incomplete throughout the outage.
A July report on
NOAA by the Inspector General for the Commerce Department--where NOAA
sits--criticized an array of “high-risk vulnerabilities” in the
security of NOAA’s satellite information and weather service systems.
The
report echoed the views of a 2009 audit from the IG that said the
primary system that processes satellite data from two environmental and
meteorological systems had “significant” security weaknesses, and that
“a security breach could have severe or catastrophic adverse effects.”
The
watchdog’s previously unreleased report, obtained by The Post under a
Freedom of Information Act request, called for “immediate management
attention” and said NOAA’s security planning was so poor that the agency
had little idea how vulnerable its system was."
................................
Additional reference on Nov. 2014 Washington Post NOAA hacking story:
11/13/2014, "NOAA Misled Congress About Hack From China, Finally Owns up to Breach," DailyTech, Jason Mick
"Auditors from Commerce Department had been complaining since 2009 about weak security, but NOAA did little, if anything"....
III. "A person familiar with the inner workings of the
NOAA's network, said the hackers targeted a central system that was
connected to many data networks. While such a critical system might be
expected to tightly protected, instead, the source said, it had the
security equivalent of "just a screen door.""
IV. "China and the U.S. have been at odds in recent months
over cybersecurity, with the Obama administration going as far as to
charge Chinese military officers in mainland China with hacking charges,
a mostly theatrical if punitive move. China responded by threatening
to ban or further restrict American technology product sales in mainland
China.
The Obama administration and China did seem to mend broken fences somewhat this week, though, signing a major climate deal."...
........
..............................
Added: More from Rep. Frank Wolf (mentioned in Wash. Post article) about how easy it is to hack US entities: “If you are a major law firm and you’re working on a trade case with
China, they’ll strip your computers.”
US Rep. Frank Wolf-R served 34 years in congress, Jan. 1981 -Jan. 2015, for Virginia's 10th district:
11/14/2014, "Rep. Wolf: Chinese Hackers ‘Literally Taking Whatever They Want’," CNS News, Barbara Hollingsworth
"Washington is not doing nearly enough to stop Chinese hackers, who reportedly broke into the
National Oceanic and Atmospheric Administration’s (NOAA) computer
system in September, from stealing critical information from U.S.
government agencies and American businesses, says Rep. Frank Wolf
(R-VA).
“They have a more sophisticated spying apparatus than the KGB had,” Wolf told CNSNews.com.
“We’re losing jobs, technology, everything is leaving. It’s like
they’re coming in and literally taking whatever they want to take....
“And you don’t see a coordinated effort either from the Congress or from the administration.”...
“If you are a major law firm and you’re working on a trade case with
China, they’ll strip your computers,” said the Virginia Republican, who
is retiring this year after serving in the House since 1980. "...
..................
Added: NASA was hacked 13 times in 2011:
Foreign governments have no need to hack US government computers. They know they can take what they want: Reuters, BBC:
3/2/2012, “NASA says it was hacked 13 times last year,” Reuters
“NASA said hackers broke into its computer systems 13 times last year, stealing employee credentials and gaining access to mission-critical projects in breaches that could compromise U.S. national security.”…
....................
NASA had been warned in 2009 that it was failing to take steps needed to protect its information: BBC
11/15/2012, “NASA to encrypt data after its latest laptop loss,” BBC
NASA "had been warned in 2009 that it was not taking
enough steps to sufficiently protect information.""
...........
=============
.....
March 2012 article-NASA chief Bolden says he's "going to sign a directive" ordering NASA portable devices to use encryption. As of November 2012, still no encryption. "Bolden also said that most attacks are "by kids who are just trying to impress people.""
3/21/2012, "Hearing Notes: Charles Bolden Testifies on NASA's FY 2013 Budget," spaceref.com, Keith Cowing
"When (Rep.) Wolf mentioned the recent NASA IG report on computer security and
the spate of incidents, Bolden said that he was going to sign a directive, and that all portable devices would use encryption. He said he
should have known better and that it was his fault that this had not
been implemented sooner. Bolden said that he had talked to his staff and
that when compared to other agencies IT security that NASA was
"woefully deficient". Bolden also said that most attacks are "by kids who are just trying to impress people."
Bolden said that his IG had told
him that it would be a simple matter for him to tell his staff to
encrypt everything - but his staff is spread across NASA and each center
has different requirements. When Rep. Wolf asked Bolden if he needed
Congressional language to direct him Bolden said "OH, NO NO" and that he
had enough direction already."...
===========
November 2012: Still no encryption for NASA computers as promised in March 2012. Had been warned in 2009, did nothing. Between 4/2009 and 4/2011, 48 NASA devices--unencrypted-- were lost or stolen:
11/15/2012, “NASA to encrypt data after its latest laptop loss,” BBC
.......................
Added: NOAA has been a deeply corrupt rogue operation for many years. July 2010 article mentions IG Todd Zinser who also appears in Nov. 2014 Washington Post article above about NOAA corruption:
July 1, 2010, "Audit cites wide fund abuse by NOAA cops," Gloucester Times, Richard Gaines
"Tens
of millions in fines levied against U.S. commercial fishermen held in
an unrecorded account were used by the fisheries law enforcement
division of the National Oceanic and Atmospheric Administration to fuel
extravagant purchases and foreign travel, according to a forensic audit
for a U.S. inspector general made public Thursday.
Among
the discoveries by the accounting firm KPMG, brought in by Department
of Commerce's IG's office, was that NOAA police own more vehicles "by a
substantial margin" than they have officers — 202 vehicles for 172
officers.
The
audit also found multiple purchases on the same day from the same
vendor, six-figure overseas' convention spending and the purchase of 22
vessels — including a $300,000 "undercover" vessel described by the
manufacturer as "luxurious," with a "beautifully appointed cabin."
All
of those purchases bypassed internal review, the audit found.
In
all, the mess of an asset forfeiture fund — used by the police and
legal divisions — was of a magnitude greater than estimated by the
initial investigators of IG Todd Zinser.
While
the Asset Forfeiture Fund was loosely estimated last spring to involve
$8.5 million, the forensic audit concluded that NOAA fisheries law
enforcement may have brought in as much as $96 million over 41/2 years through June 2009 and spent $49 million via more than 82,000 transactions.
Although
the investigation of the fund covers only as far back as January 2005,
the police chief, Dale Jones, was appointed in 1999 late in the
administration of President Bill Clinton.
Jones
apparently was removed from his office — if not the payroll — in March after Zinser announced at a congressional oversight hearing here in
Gloucester, the epicenter of resistance to NOAA law enforcement and
fisheries management policies, that his teams had evidence Jones misused
the fund for personal overseas travel.
The
next day, at a different oversight hearing into NOAA law enforcement
abuses in Washington, Zinser made another major accusation — that Jones
had ordered the shredding of documents while the IG's investigation was
nearing its conclusion.
The
only subsequent notice of the law enforcement scandal that followed,
however, was a cryptic announcement from NOAA that a career fisheries
manager had been named acting head of law enforcement. The announcement
of the departmental change did not even mention Jones' name.
NOAA
Chief Counsel Lois Schiffer and Eric Schwaab, who heads NOAA Fisheries
for chief administrator Jane Lubchenco, announced after the IG's
preliminary report of police abuses that there would be no looking back
or effort to rectify past miscarriages of justice.
NOAA
has also fought against Freedom of Information Act requests by the
Times seeking official clarification of whether Jones remains on the
federal payroll.
Lubchenco
did not respond to an invitation to comment Thursday, but NOAA released
a statement saying the agency "expected this review, appreciates the
level of detail it provides and is evaluating the data and results
carefully."
"Based
upon the earlier IG input and public feedback, NOAA has already taken
action to improve policies, management processes and internal controls
of the fund," NOAA said.
'Why aren't they in jail'?
The reaction of others Thursday was very different.
"My
question is, why are these people not in jail?" said attorney Stephen
Ouellette, who maintains an Atlantic Coast fishing and maritime practice
and began documenting violations of individual rights and high seas
police excesses in letters to Congress dating back a decade.
"There're
not very nice people, are they?" said Lawrence Ciulla, president of the
Gloucester Seafood Display Auction, the family business that keys the
fishing port economy in Gloucester.
"This
latest in a series of reports by the Inspector General appears to be
yet another vindication of allegations the industry has been making for
several years, namely that NOAA enforcement agents and general counsel
are perversely incentivized to seek fines and forfeitures grossly
disproportionate to relatively minor or technical violations of complex
and ever changing regulations," said auction defense attorney Paul
Muniz.
Congressman
John Tierney said yesterday he intends to introduce legislation to
prevent future misuse of the NOAA Asset Forfeiture Fund and support
fishermen who have been cleared of wrongful allegations by NOAA.
"Today,
we received further evidence of the NOAA's misuse of authority,"
Tierney said. "It is essential that we end this culture of no
accountability at NOAA and take the appropriate steps to ensure fairness
and economic stability for our fishing community."
NOAA police 'slush fund'
Delegate
Madeleine Bordallo of Guam, who chairs a fisheries subcommittee of the
House Commerce Committee and had the gavel on March 3 when Zinser said
under oath that Jones had authorized a mass document shredding, said she
views the audit as spotlighting a NOAA enforcement "slush fund."
In
her statement, she said the asset forfeiture account "was never meant
to be a slush fund for bureaucrats to go on a spending spree with a
limitless credit card — and it is of the utmost importance that NOAA
establish transparent guidelines for how this fund can be used."
Still to come from Zinser is a report on specific cases and the follow up on the reported document shredding.
The
Asset Forfeiture Fund — built with fines paid by fishermen for alleged
violations of NOAA regulatory mandates — was "more an abstract concept
than a tangible entity within NOAA," the new audit found.
So
extensive was the problem that KPMG's contract with the IG's office
expired before the global accounting firm could begin identifying
specific irregularities, Zinser's summary indicated.
The
results were seen Thursday as another powerful vindication for
fishermen and others in the industry, who for years had complained to
Congress and the NOAA hierarchy about abuse of authority,
grudge-settling and harassment on the part of agents--all to no avail.
Probe started here
The
Inspector General's Office began a national investigation one year ago
in Gloucester and elsewhere in Massachusetts, and reported in January
that NOAA police, primarily criminal specialists hired by Jones working
in a field that is largely administrative, had wrongly treated bland
oversights in reporting as if they were criminal conspiracies.
The
worst excesses were found in the Gloucester-based law and police
sections, from which the entire New England and Mid-Atlantic states are
governed.
The
turning point came last year (2009) after the No. 1 target of the police and
legal offices here in Gloucester announced a third effort to punish the
Gloucester Seafood Display Auction, which had refused to accede in two
earlier cases.
Instead,
after NOAA announced a 53-count allegation against the No. 1 sales
platform for fish caught in the Gulf of Maine, its advocates —
especially state Rep. Ann-Margaret Ferrante and Sen. Bruce Tarr —
organized a plea for intervention from the leadership of the state
legislature to halt the agents' "vindictive" law enforcement.
The
cries for relief brought the congressional delegation into action, and
that pressure ultimately pushed NOAA's Lubchenco to call for the
Commerce Department's Inspector General to step in.
Under
the administrative law system used against the fishing industry, the
NOAA administrator serves as the appeals judge for cases tried in the Coast Guard administrative law system.
And in April 2009, Lubchenco
upheld a finding of her predecessor at the top of NOAA against the
auction, despite its having won a dismissal at trial.
That
finding by Lubchenco gave her regional fisheries police and litigators
the material to claim the auction was facing a punitive shutdown at the
hands of the federal agency.
Gloucester
agent-in-charge Andy Cohen leaked information to the Boston Globe that,
because of the new charges, the auction was facing temporary shutdown.
But with the auction case in court, no shutdown ever occurred. and U.S.
District Judge Douglas Woodlock chastised Cohen for his actions."
......................
.............
Feb. 2011, CBS News gives some air time to scandals at NOAA Fisheries Management. Unfortunately, since CBS "put this piece in the can, the Secretary of Commerce has reneged on his pledge to review previous fines and has severely limited the Special Master's scope of remedies."
2/17/2011, "CBS News takes NOAA Fisheries Management to the woodshed"
"Wow! What a nice job by CBS News, Armen Keteyian, and Katie Couric.
On 16 February, CBS News devoted some four minutes to an investigative piece into the scandal that should have rocked NOAA and the Obama administration last fall....
CBS addressed the NOAA Law Enforcement "Shredding Party" where the director of
- NOAA's Office of Law Enforcement shredded some 70-80% of his documents before the IG ever got to see them....
CBS showed a clip
of [Republican] Senator Grassley, who said, "I want to make sure that heads roll...because in a bureaucracy, if heads don't roll, you don't change
behavior."
- Nicely said, Senator, but no heads have rolled and apparently none will.
..........................................
"Fishing jobs are gone; NOAA jobs are not. The number of regulators and observers assigned to each fisherman has increased dramatically."
Sept. 2011, New England fishermen begged Obama for help via full page newspaper ad, hoping to catch his attention during his Martha's Vineyard stay. They received zero response.
9/22/2011, "Death of an Industry: The President's Impoverishment of America's Fishermen," American Thinker, Mike Johnson
"While Obama vacationed on Martha's Vineyard last year, "the fishermen of New England ran a full-page ad in the Vineyard Gazette titled "Mr. President, We Need Your Help." The fishermen came to the Vineyard in their boats and paraded in the harbor to emphasize their plight. The American Thinker ran a piece on the events.
The ad was in the form of a letter from Russell Sherman, the captain of the fishing vessel Lady Jane
out of Gloucester, MA. The letter was well-written, elegant in its
simplicity and comprehensive in its content, befitting Captain Sherman's
Harvard education. It read in part:
"My business is only one of hundreds facing extinction. While there will be a small handful of "winners" under these new rules [Catch Shares] [eff. 5/1/10], the vast majority of us will be losers.
And when we "losers" are forced out, jobs will be lost, coastal
communities gutted, and crucial commercial fishing infrastructure gone
forever. ...
Mr. President, we desperately need your leadership."...
How much help did the fishermen get from the president? None! Nada! Not even an acknowledgement of their efforts. Not even a receipt from the White House for the copy of the letter they sent directly to the president by "Certified Mail, Return Receipt Requested."...
The heavy-handed regulatory management continues, as shown by a recent independent review by Preston Pate. Fishing jobs are gone; NOAA jobs are not. The number of regulators and observers assigned to each fisherman has increased dramatically. Needless to say, this is not the help the fishermen were seeking.
The lawsuit brought by the fishermen based on NOAA exceeding their mandate in imposing catch shares has been rejected based on NOAA having the authority to do just about whatever they please. See Dr. Briand Rothschild's "Fish, the Intent of Congress, and Jobs" and the related American Thinker piece.
Catch allocations, the key to successful fishing under catch shares, remain extremely low because of the government's uncertainty in its science. See the Massachusetts Marine Fisheries Institute (MFI) study report....
Fishing as a way of life has endured for four centuries along the coast of New England. Turning the fisheries into a commodities-based enterprise is tantamount to
- the destruction of the fishing community and its culture."
.......................
Comment: As described, in late summer 2011, New England fishermen chipped in on a full page ad begging Obama for help and got zero results. If you thought Obama was going to respond to abused New England fishermen or that he could ever be a "leader" of anything except ginning up hatred, you're seriously disconnected from reality. Not that voting Republican through 2014 would've meant better results. (Hence the reason for Trump in 2016): "The
mistreatment of fishermen has been independent of the party in
power,
although Obama has exacerbated the problem by ceding NOAA to the
environmentalists with the appointment of Dr. Lubchenco."
The entire globalist political class is America "last:" open borders, massive so-called free trade deals
(investor protection rackets), endless neocon foreign wars paid for by US
taxpayers, endless flow of US made weapons to every human being in violent foreign hell holes, and an endless stream into US
neighborhoods of "refugees" from violent cultures produced by endless foreign wars.
........................
We are having huge sign problems now in Brevard county Florida! Every Republican candidate is being taken now “not just Trump and Pence”. But little do they know we just got a shitload more signs today that we are attaching a little gift for the sign thieves."