News that doesn't receive the necessary attention.

Saturday, October 29, 2016

NOAA was warned in 2009 of 'significant' security weaknesses, by July 2014 still hadn't corrected them, and in Sept. 2014 was hacked by the Chinese. NOAA failed to report the attack to Commerce Dept. IG until Nov. 4, first hid event from public by saying systems were down for 'unscheduled maintenance'-Washington Post, Nov. 2014

2009: NOAA had "significant" security weaknesses, per IG report

July 15, 2014 report: "Significant Security Deficiencies in NOAA's Information Systems Create Risks in its National Critical Mission," US Commerce Dept., Office of Inspector General.  

Sept. 2014: NOAA computers were hacked by the Chinese

"A July (2014) report on NOAA by the Inspector General for the Commerce Department--where NOAA sits--criticized an array of "high-risk vulnerabilities" in the security of NOAA’s satellite information and weather service systems. The report echoed the views of a 2009 audit from the IG that said the primary system that processes satellite data from two environmental and meteorological systems had “significant security weaknesses, and that “a security breach could have severe or catastrophic adverse effects.” The watchdog’s previously unreleased report, obtained by the Post under a Freedom of Information Act request, called for “immediate management attention” and said NOAA’s security planning was so poor that the agency had little idea how vulnerable its system was....The server had security protections, but the person compared the security to leaving a house protected by "just a screen door.""...


Nov. 12, 2014, "Chinese hack U.S. weather systems, satellite network," Washington Post,

Hackers from China breached the federal weather network recently, forcing cybersecurity teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial uses, officials said.

The intrusion occurred in late September but officials gave no indication that they had a problem until Oct. 20,"...

[Ed. note: The Oct. 20 admission was only internally and to Congress. The truth wasn't admitted publicly until sometime in November.]

(continuing): "said three people familiar with the hack and the subsequent reaction by the National Oceanic and Atmospheric Administration, which includes the National Weather Service. Even then, NOAA did not say its systems were compromised.

Officials also said that the agency did not notify the proper authorities when it learned of the attack.

NOAA officials declined to discuss the suspected source of the attack, whether it affected classified data and the delay in notification. NOAA said publicly last month that it was doing “unscheduled maintenance” on its network, without saying a computer hack had made that necessary. 

In a statement released Wednesday, NOAA spokesman Scott Smullen acknowledged the hacks and said “incident response began immediately.” He said all systems were working again and that forecasts were accurately delivered to the public. Smullen declined to answer questions beyond his statement, citing an investigation into the attack.

Determining the origin of cyber­attacks is difficult, experts said, and Chinese officials have denied repeated accusations that they intrude in U.S. government computer systems for espionage or other purposes. 

Geng Shuang of the Chinese Embassy said the consulate was not aware of the case and had not been contacted by the U.S. government about the attacks.

Cyberattack is quite common in today’s cyberspace,” he said. “Jumping to conclusions on its origin without hard evidence is not responsible at all.” The embassy also urged “relevant U.S. parties to stop this kind of unfounded accusation.” 

But NOAA confirmed to Rep. Frank R. Wolf (R-Va.) that China was behind the attack, the congressman said. Wolf has a long-standing interest in cybersecurity and asked NOAA about the incident after an inquiry from The Washington Post.

NOAA told me it was a hack and it was China,” said Wolf, who also scolded the agency for not disclosing the attack “and deliberately misleading the American public in its replies.

“They had an obligation to tell the truth,” Wolf said. “They covered it up.”

Commerce Department Inspector General Todd Zinser said his office was not notified of the breach until Nov. 4, well after he believes the hack occurred. He said that is a violation of agency policy requiring any security incident to be reported to his office within two days of discovering the problem.
“We’re in the process of looking into the matter, including why NOAA did not comply with the requirements to notify law enforcement about the incident,” Zinser said.

Wolf said he did not know if the breach involved classified material or what information was accessed.

Confirmation of the NOAA hack followed an admission Monday by the U.S. Postal Service that a suspected Chinese attack--also in September--compromised data on 800,000 employees, including letter carriers on up through the postmaster general.

NOAA officials also would not say whether the attack removed material or inserted malicious software in its system, which is used by civilian and military forecasters in the United States and also feeds weather models at the main centers for Europe and Canada.

NOAA’s National Ice Center Web site also was down for a week in late October. The center is a partnership with the Navy and Coast Guard to monitor conditions for navigation.

The two-day outage skewed the accuracy of National Weather Service long-range forecasts slightly, according to NOAA.

The attack in September hit a Web server that connects to many NOAA computers, said one person familiar with the incursion. The server had security protections, but the person compared the security to leaving a house protected by “just a screen door.” 

Smullen’s statement said that four sites were hit by the breach.

Weather satellites orbit hundreds to thousands of miles above Earth and offer continuous views of weather systems, such as hurricanes, thunderstorms and cold fronts, while also measuring temperature and moisture at different altitudes — all crucial bits that feed prediction models. To get that information to the public, NOAA makes satellite data and imagery publicly available through the Web, as well as file-transfer networks for downloads.

NOAA has characterized its decision to cut off satellite images as causing minimal disruption. But it has previously touted those same systems as intrinsic to the nation’s “environmental intelligence.”

NOAA satellites “provide critical data for forecasts and warnings that are vital to every citizen and to our economy as a whole,” NOAA Administrator Kathryn D. Sullivan said a year ago. 

Wolf said a hack could steal technical insights or cull isolated information “that may not look significant until they’re put with something else and then they become valuable.”

“The Chinese are stealing us blind,” Wolf said. 

The attack on NOAA joins a spate of cyber-espionage on federal systems revealed recently, including an attack suspected from Russia that breached unclassified White House computer networks.

The October satellite data outage meant that the National Weather Service and centers around the world did not receive large amounts of information.

“All the operational data sent via NOAA, which is normally an excellent service, was lost,” said Stephen English, head of the satellite section at the European Centre for Medium-Range Weather Forecasts in Reading, England. The center is renowned for running a highly advanced global weather prediction model that during Hurricane Sandy in 2012, for example, aided evacuations and preparations in the United States when it signaled that the superstorm would hit land rather than hook out to sea. 

The Rutgers University Global Snow Lab, which provides daily snow cover updates for researchers and forecasters using a data feed from the Ice Center, posted a notice on its Web site that its reports were incomplete throughout the outage.

A July report on NOAA by the Inspector General for the Commerce Department--where NOAA sits--criticized an array of “high-risk vulnerabilities” in the security of NOAA’s satellite information and weather service systems.

The report echoed the views of a 2009 audit from the IG that said the primary system that processes satellite data from two environmental and meteorological systems had “significant” security weaknesses, and that “a security breach could have severe or catastrophic adverse effects.”

The watchdog’s previously unreleased report, obtained by The Post under a Freedom of Information Act request, called for “immediate management attention” and said NOAA’s security planning was so poor that the agency had little idea how vulnerable its system was."

Additional reference on Nov. 2014 Washington Post NOAA hacking story: 

11/13/2014, "NOAA Misled Congress About Hack From China, Finally Owns up to Breach," DailyTech, Jason Mick

"Auditors from Commerce Department had been complaining since 2009 about weak security, but NOAA did little, if anything"....

III. "A person familiar with the inner workings of the NOAA's network, said the hackers targeted a central system that was connected to many data networks.  While such a critical system might be expected to tightly protected, instead, the source said, it had the security equivalent of "just a screen door."" 

IV. "China and the U.S. have been at odds in recent months over cybersecurity, with the Obama administration going as far as to charge Chinese military officers in mainland China with hacking charges, a mostly theatrical if punitive move.  China responded by threatening to ban or further restrict American technology product sales in mainland China.

The Obama administration and China did seem to mend broken fences somewhat this week, though, signing a major climate deal."...


Added: More from Rep. Frank Wolf (mentioned in Wash. Post article) about how easy it is to hack US entities: If you are a major law firm and you’re working on a trade case with China, they’ll strip your computers.

US Rep. Frank Wolf-R served 34 years in congress, Jan. 1981 -Jan. 2015, for Virginia's 10th district: 

11/14/2014, "Rep. Wolf: Chinese Hackers ‘Literally Taking Whatever They Want’," CNS News, Barbara Hollingsworth

"Washington is not doing nearly enough to stop Chinese hackers, who reportedly broke into the National Oceanic and Atmospheric Administration’s (NOAA) computer system in September, from stealing critical information from U.S. government agencies and American businesses, says Rep. Frank Wolf (R-VA).

They have a more sophisticated spying apparatus than the KGB had, Wolf told

We’re losing jobs, technology, everything is leaving. It’s like they’re coming in and literally taking whatever they want to take....

“And you don’t see a coordinated effort either from the Congress or from the administration.”...

If you are a major law firm and you’re working on a trade case with China, they’ll strip your computers, said the Virginia Republican, who is retiring this year after serving in the House since 1980. "...


Added: NASA was hacked 13 times in 2011:

Foreign governments have no need to hack US government computers. They know they can take what they want: Reuters, BBC:

3/2/2012, NASA says it was hacked 13 times last year,” Reuters

NASA said hackers broke into its computer systems 13 times last year, stealing employee credentials and gaining access to mission-critical projects in breaches that could compromise U.S. national security.”…

NASA had been warned in 2009 that it was failing to take steps needed to protect its information: BBC

11/15/2012, “NASA to encrypt data after its latest laptop loss,” BBC

NASA "had been warned in 2009 that it was not taking enough steps to sufficiently protect information.""


March 2012 article-NASA chief Bolden says he's "going to sign a directive" ordering NASA portable devices to use encryption. As of November 2012, still no encryption. "Bolden also said that most attacks are "by kids who are just trying to impress people.""

3/21/2012, "Hearing Notes: Charles Bolden Testifies on NASA's FY 2013 Budget,", Keith Cowing

"When (Rep.) Wolf mentioned the recent NASA IG report on computer security and the spate of incidents, Bolden said that he was going to sign a directive, and that all portable devices would use encryption. He said he should have known better and that it was his fault that this had not been implemented sooner. Bolden said that he had talked to his staff and that when compared to other agencies IT security that NASA was "woefully deficient". Bolden also said that most attacks are "by kids who are just trying to impress people."

Bolden said that his IG had told him that it would be a simple matter for him to tell his staff to encrypt everything - but his staff is spread across NASA and each center has different requirements. When Rep. Wolf asked Bolden if he needed Congressional language to direct him Bolden said "OH, NO NO" and that he had enough direction already."...


November 2012: Still no encryption for NASA computers as promised in March 2012. Had been warned in 2009, did nothing. Between 4/2009 and 4/2011, 48 NASA devices--unencrypted-- were lost or stolen:

11/15/2012, “NASA to encrypt data after its latest laptop loss,” BBC


Added: NOAA has been a deeply corrupt rogue operation for many years. July 2010 article mentions IG Todd Zinser who also appears in Nov. 2014 Washington Post article above about NOAA corruption:

July 1, 2010, "Audit cites wide fund abuse by NOAA cops," Gloucester Times, Richard Gaines

"Tens of millions in fines levied against U.S. commercial fishermen held in an unrecorded account were used by the fisheries law enforcement division of the National Oceanic and Atmospheric Administration to fuel extravagant purchases and foreign travel, according to a forensic audit for a U.S. inspector general made public Thursday.

Among the discoveries by the accounting firm KPMG, brought in by Department of Commerce's IG's office, was that NOAA police own more vehicles "by a substantial margin" than they have officers — 202 vehicles for 172 officers.

The audit also found multiple purchases on the same day from the same vendor, six-figure overseas' convention spending and the purchase of 22 vessels including a $300,000 "undercover" vessel described by the manufacturer as "luxurious," with a "beautifully appointed cabin." 

All of those purchases bypassed internal review, the audit found.

In all, the mess of an asset forfeiture fund — used by the police and legal divisions — was of a magnitude greater than estimated by the initial investigators of IG Todd Zinser.

While the Asset Forfeiture Fund was loosely estimated last spring to involve $8.5 million, the forensic audit concluded that NOAA fisheries law enforcement may have brought in as much as $96 million over 41/2 years through June 2009 and spent $49 million via more than 82,000 transactions.

Although the investigation of the fund covers only as far back as January 2005, the police chief, Dale Jones, was appointed in 1999 late in the administration of President Bill Clinton.

Jones apparently was removed from his office — if not the payroll in March after Zinser announced at a congressional oversight hearing here in Gloucester, the epicenter of resistance to NOAA law enforcement and fisheries management policies, that his teams had evidence Jones misused the fund for personal overseas travel.

The next day, at a different oversight hearing into NOAA law enforcement abuses in Washington, Zinser made another major accusation — that Jones had ordered the shredding of documents while the IG's investigation was nearing its conclusion.

The only subsequent notice of the law enforcement scandal that followed, however, was a cryptic announcement from NOAA that a career fisheries manager had been named acting head of law enforcement. The announcement of the departmental change did not even mention Jones' name.

NOAA Chief Counsel Lois Schiffer and Eric Schwaab, who heads NOAA Fisheries for chief administrator Jane Lubchenco, announced after the IG's preliminary report of police abuses that there would be no looking back or effort to rectify past miscarriages of justice.

NOAA has also fought against Freedom of Information Act requests by the Times seeking official clarification of whether Jones remains on the federal payroll.

Lubchenco did not respond to an invitation to comment Thursday, but NOAA released a statement saying the agency "expected this review, appreciates the level of detail it provides and is evaluating the data and results carefully."

"Based upon the earlier IG input and public feedback, NOAA has already taken action to improve policies, management processes and internal controls of the fund," NOAA said.

'Why aren't they in jail'?

The reaction of others Thursday was very different.

"My question is, why are these people not in jail?" said attorney Stephen Ouellette, who maintains an Atlantic Coast fishing and maritime practice and began documenting violations of individual rights and high seas police excesses in letters to Congress dating back a decade.

"There're not very nice people, are they?" said Lawrence Ciulla, president of the Gloucester Seafood Display Auction, the family business that keys the fishing port economy in Gloucester.

"This latest in a series of reports by the Inspector General appears to be yet another vindication of allegations the industry has been making for several years, namely that NOAA enforcement agents and general counsel are perversely incentivized to seek fines and forfeitures grossly disproportionate to relatively minor or technical violations of complex and ever changing regulations," said auction defense attorney Paul Muniz. 

Congressman John Tierney said yesterday he intends to introduce legislation to prevent future misuse of the NOAA Asset Forfeiture Fund and support fishermen who have been cleared of wrongful allegations by NOAA.

"Today, we received further evidence of the NOAA's misuse of authority," Tierney said. "It is essential that we end this culture of no accountability at NOAA and take the appropriate steps to ensure fairness and economic stability for our fishing community."

NOAA police 'slush fund'

Delegate Madeleine Bordallo of Guam, who chairs a fisheries subcommittee of the House Commerce Committee and had the gavel on March 3 when Zinser said under oath that Jones had authorized a mass document shredding, said she views the audit as spotlighting a NOAA enforcement "slush fund."

In her statement, she said the asset forfeiture account "was never meant to be a slush fund for bureaucrats to go on a spending spree with a limitless credit card — and it is of the utmost importance that NOAA establish transparent guidelines for how this fund can be used."

Still to come from Zinser is a report on specific cases and the follow up on the reported document shredding.

The Asset Forfeiture Fund — built with fines paid by fishermen for alleged violations of NOAA regulatory mandates — was "more an abstract concept than a tangible entity within NOAA," the new audit found.

So extensive was the problem that KPMG's contract with the IG's office expired before the global accounting firm could begin identifying specific irregularities, Zinser's summary indicated.

The results were seen Thursday as another powerful vindication for fishermen and others in the industry, who for years had complained to Congress and the NOAA hierarchy about abuse of authority, grudge-settling and harassment on the part of agents--all to no avail.

Probe started here

The Inspector General's Office began a national investigation one year ago in Gloucester and elsewhere in Massachusetts, and reported in January that NOAA police, primarily criminal specialists hired by Jones working in a field that is largely administrative, had wrongly treated bland oversights in reporting as if they were criminal conspiracies.

The worst excesses were found in the Gloucester-based law and police sections, from which the entire New England and Mid-Atlantic states are governed.

The turning point came last year (2009) after the No. 1 target of the police and legal offices here in Gloucester announced a third effort to punish the Gloucester Seafood Display Auction, which had refused to accede in two earlier cases.

Instead, after NOAA announced a 53-count allegation against the No. 1 sales platform for fish caught in the Gulf of Maine, its advocates — especially state Rep. Ann-Margaret Ferrante and Sen. Bruce Tarr — organized a plea for intervention from the leadership of the state legislature to halt the agents' "vindictive" law enforcement.

The cries for relief brought the congressional delegation into action, and that pressure ultimately pushed NOAA's Lubchenco to call for the Commerce Department's Inspector General to step in.

Under the administrative law system used against the fishing industry, the NOAA administrator serves as the appeals judge for cases tried in the Coast Guard administrative law system. And in April 2009, Lubchenco upheld a finding of her predecessor at the top of NOAA against the auction, despite its having won a dismissal at trial.

That finding by Lubchenco gave her regional fisheries police and litigators the material to claim the auction was facing a punitive shutdown at the hands of the federal agency.

Gloucester agent-in-charge Andy Cohen leaked information to the Boston Globe that, because of the new charges, the auction was facing temporary shutdown. But with the auction case in court, no shutdown ever occurred. and U.S. District Judge Douglas Woodlock chastised Cohen for his actions."
Feb. 2011, CBS News gives some air time to scandals at NOAA Fisheries Management. Unfortunately, since CBS "put this piece in the can, the Secretary of Commerce has reneged on his pledge to review previous fines and has severely limited the Special Master's scope of remedies."

2/17/2011, "CBS News takes NOAA Fisheries Management to the woodshed"
"Wow! What a nice job by CBS News, Armen Keteyian, and Katie Couric. On 16 February, CBS News devoted some four minutes to an investigative piece into the scandal that should have rocked NOAA and the Obama administration last fall....

CBS addressed the NOAA Law Enforcement "Shredding Party" where the director of
  • NOAA's Office of Law Enforcement shredded some 70-80% of his documents before the IG ever got to see them....
CBS showed a clip of [Republican] Senator Grassley, who said, "I want to make sure that heads roll...because in a bureaucracy, if heads don't roll, you don't change behavior."
  • Nicely said, Senator, but no heads have rolled and apparently none will.
Nobody has been punished at all. There will be no change in behavior."...

"Fishing jobs are gone; NOAA jobs are not. The number of regulators and observers assigned to each fisherman has increased dramatically."

Sept. 2011, New England fishermen begged Obama for help via full page newspaper ad, hoping to catch his attention during his Martha's Vineyard stay. They received zero response.

9/22/2011, "Death of an Industry: The President's Impoverishment of America's Fishermen," American Thinker, Mike Johnson

"While Obama vacationed on Martha's Vineyard last year, "the fishermen of New England ran a full-page ad in the Vineyard Gazette titled "Mr. President, We Need Your Help." The fishermen came to the Vineyard in their boats and paraded in the harbor to emphasize their plight. The American Thinker ran a piece on the events. 

The ad was in the form of a letter from Russell Sherman, the captain of the fishing vessel Lady Jane out of Gloucester, MA. The letter was well-written, elegant in its simplicity and comprehensive in its content, befitting Captain Sherman's Harvard education. It read in part:

"My business is only one of hundreds facing extinction. While there will be a small handful of "winners" under these new rules [Catch Shares] [eff. 5/1/10], the vast majority of us will be losers. And when we "losers" are forced out, jobs will be lost, coastal communities gutted, and crucial commercial fishing infrastructure gone forever. ...

Mr. President, we desperately need your leadership."... 

How much help did the fishermen get from the president? None! Nada! Not even an acknowledgement of their efforts. Not even a receipt from the White House for the copy of the letter they sent directly to the president by "Certified Mail, Return Receipt Requested."... 

The heavy-handed regulatory management continues, as shown by a recent independent review by Preston Pate. Fishing jobs are gone; NOAA jobs are not. The number of regulators and observers assigned to each fisherman has increased dramatically. Needless to say, this is not the help the fishermen were seeking. 

The lawsuit brought by the fishermen based on NOAA exceeding their mandate in imposing catch shares has been rejected based on NOAA having the authority to do just about whatever they please. See Dr. Briand Rothschild's "Fish, the Intent of Congress, and Jobs" and the related American Thinker piece. 

Catch allocations, the key to successful fishing under catch shares, remain extremely low because of the government's uncertainty in its science. See the Massachusetts Marine Fisheries Institute (MFI) study report....

Fishing as a way of life has endured for four centuries along the coast of New England. Turning the fisheries into a commodities-based enterprise is tantamount to

  • the destruction of the fishing community and its culture."

Comment: As described, in late summer 2011, New England fishermen chipped in on a full page ad begging Obama for help and got zero results. If you thought Obama was going to respond to abused New England fishermen or that he could ever be a "leader" of anything except ginning up hatred, you're seriously disconnected from reality. Not that voting Republican through 2014 would've meant better results. (Hence the reason for Trump in 2016): "The mistreatment of fishermen has been independent of the party in power, although Obama has exacerbated the problem by ceding NOAA to the environmentalists with the appointment of Dr. Lubchenco."

The entire globalist political class is America "last:" open borders, massive so-called free trade deals (investor protection rackets), endless neocon foreign wars paid for by US taxpayers, endless flow of US made weapons to every human being in violent foreign hell holes, and an endless stream into US neighborhoods of "refugees" from violent cultures produced by endless foreign wars. 


No comments:


Blog Archive

About Me

My photo
I'm the daughter of an Eagle Scout (fan of the Brooklyn Dodgers and Mets) and a Beauty Queen.