NOAA Reveals Four Websites CompromisedChina's Suspected Role Comes as No Surprise, Experts Say
The National Oceanic and Atmospheric Administration has revealed that four of its websites were compromised by a cyber-attack. And reports that China was allegedly behind the incident should not come as a surprise, security experts say.
"Foreign intelligence agencies have powerful incentives to spy on the U.S. and that isn't going to change," says Jim Lewis, director and senior fellow for the Strategic Technologies Program at the Center for Strategic and International Studies, a Washington think-tank.
Rep. Frank Wolf, R-Va., told the Washington Post that he went to NOAA for confirmation about the breach, and the agency confirmed to him that China was responsible. "NOAA told me it was a hack and it was China," Wolf says.
NOAA is the Commerce Department scientific agency focused on tracking and analyzing oceanic and atmospheric conditions; it oversees the National Weather Service.
Last May, the Justice Department indicted five Chinese military officers for hacking into U.S. companies (see U.S. Charges 5 Chinese with Hacking).
NOAA confirms that the hacks of its systems occurred in recent weeks. "Staff detected the attacks and incident response began immediately," a NOAA spokesperson says. Unscheduled maintenance was performed to mitigate the attacks, the agency says. The impact of the maintenance was temporary and all services have been fully restored.
"These effects did not prevent us from delivering forecasts to the public," the spokesperson says. "The investigation is continuing with the appropriate authorities and we cannot comment further."
NOAA did not reveal what data, if any, was compromised in the breach, nor who might have been responsible for the intrusion.
The breach forced cybersecurity teams to seal off data vital to disaster planning, aviation and shipping, officials close to the investigation tell the Post. The intrusion occurred in late September, the newspaper reports.
U.S., China Cyber Relations
The U.S. and China have been tangled in a back-and-forth fight when it comes to cybersecurity relations (see U.S.-China Fisticuffs Over Cyberspying).
In May, following the indictment of five Chinese military officers by U.S. authorities, China announced that it would start vetting major IT products and services to ensure their security. Then, the Chinese government advised its nation's banks to replace IBM servers with those made in China.
But espionage should be expected in the cyber domain, says Karl Rauscher, ambassador-at-large and chief architect for cyberspace policy at the Institute of Electrical and Electronics Engineers. "I am expecting that the national security arm of our government is doing all that it can to have eyes everywhere it can to look for danger to the homeland," he says. "I expect other countries to do the same."
Government Breaches: The New Norm
At this point it's safe to assume that most government agencies have been breached, Lewis says. "But some are getting better at defense than others. Security isn't uniform across the government, since each agency gets to decide how much attention to pay to the problem."
Government services continue to be primary targets for hackers, says Chris Boyd, malware intelligence analyst at Malwarebytes Labs. "Everything from sensitive data harvesting to political statements on defaced webpages are possible," he says. "With so many important services connected to the Internet, it is essential [that] steps are taken to lock them down from attacks on what could turn out to be critical infrastructure services."
Back in July, an audit by the inspector general disclosed that an attacker last year removed data from a computer system supporting NOAA's National Environmental Satellite, Data and Information Service, the unit that acquires and manages environmental data from satellites (see: Commerce Unit's BYOD Problem).