Tag: NOAA SATELLITE DATA

National Oceanic and Atmospheric Administration satellite data was stolen from a contractor’s personal computer last year, but the agency could not investigate the incident because the employee refused to turn over the PC, according to a new inspector general report.

This is but one of the “significant security deficiencies” that pose a threat to NOAA’s critical missions, the report states.

Other weaknesses include unauthorized smartphone use on key systems and thousands of software vulnerabilities.

The July 15 report made public on Friday concentrates on information-technology security problems at NOAA’s National Environmental Satellite, Data, and Information Service. NOAA is part of the Commerce Department.

During the 2013 incident, “an attacker exfiltrated data from a NESDIS system to a suspicious external IP address via the remote connection established with a personal computer,” wrote Allen Crawley, Commerce’s assistant IG for systems acquisition and IT security, referring to a dodgy computer address.

NOAA determined the PC likely was infected with malware, but it was prevented from examining further because “the owner of the personal computer, even though a NESDIS contractor, did not give NOAA permission to perform forensic activities on the personal computer,” Crawley said.

The inspector general cited this case as an example of why it’s a bad idea — and a violation of Commerce policy — for any personnel to access NOAA information systems using personal computers. In response to a draft report, NOAA officials noted the system in question was not a “high-impact” system.

https://www.nextgov.com/cybersecurity/2014/07/hacker-breached-noaa-satellite-data-contractors-pc/89771/