The infiltration of the NOAA has been drawing attention, criticism and speculation since the weather service admitted to being infiltrated in September 2014. Most of the articles written up to date have focused on the who as opposed to the why. So, why is the infiltration of the National Weather Service a big deal?
As mentioned in this blog before, cyber warfare, cyber espionage and cyber theft are becoming more and more prominent. Many aspects of civilian infrastructure are vulnerable to cyber attacks including power stations, databases of classified information related to homeland security and infiltration of financial institutions. But the National Weather Service? What could someone possibly have to gain from hacking the Weather Service? After all, all it does is give us the daily weather…right? As it turns out, the Weather Service and its functions play a vital role in US national security.
The mission of the National Weather Service is to
“provide weather, hydrologic, and climate forecasts and warnings for the United States, its territories, adjacent waters and ocean areas, for the protection of life and property and the enhancement of the national economy…”
By this mission statement one might deduce that the Weather Service could have a significant impact on the national security of the United States. Information gathered and disseminated by them is critical to multiple aspects of our economy including, but not limited to, shipping, commercial fishing, farming, and air traffic control. They operate multiple satellite systems orbiting the earth which are responsible for gathering data regarding global weather patterns. These weather patterns are of significant use to the national intelligence community. The US Military relies on information from the Weather Service in order to properly run the gigantic logistical machine that is the armed services. In addition, the NWS also functions to warn the population about weather emergencies and natural disasters.
It is conceivable then that an infiltration and subsequent shutdown of the weather service would cause significant disruption in the government’s ability to function. Such a shutdown could lead to disruptions to air travel, maritime navigation, severe weather warnings and military operations.
Marshall Shepherd, Director of Atmospheric Sciences at the University of Georgia and past president of the American Meteorological Society, made the point clear when he stated
“Every sortie flown in the name of national security relies on weather information and intelligence. If you value Homeland Security, you have to value weather. That means we have to protect it as much as we do anything else.”
Indeed the infiltration of the NWS system should serve as a wake up call to an organization that has placed its cyber security at such low importance.
According to Chief Operations Officer David Titley much of the reason for the poor security at the NWS has to do with budget. He stated that the National Weather Service is in dire need of funding in order to boost their digital security.
“It’s pretty well documented that NOAA doesn’t have enough money to do what it wants to do the way it wants to do it,” he says. “Security is only one of those issues. This is an example of how things in the federal government start to break when they’re ignored.”
In his opinion cyber security was not a significant concern at the time the service was created and older systems remain vulnerable unless the government prioritizes protection.
The attacks in September were not the first of their kind either. In 2013 a hacker accessed sensitive NOAA data by using a contractor’s computer. In 2012 a hacker group from Kosovo reportedly hacked into the weather service computers and released sensitive data. The group responsible for the 2012 incident identified themselves as “Kosova Hacker’s Security” and claimed their attacks were in retribution for American hostility towards Muslim Nations
US response to incidents of cyber violation are dismal, at least in light of what is being released publicly. Leon Panetta even weighed in calling cyber warfare a “digital Pearl Harbor”, warning that the nation is woefully unprepared to deal with these types of violations. Whether the attacks are coming from China, Russia or fringe groups like “Kosova Hacker’s Security” is largely irrelevant. Accusing and threatening suspect nations with reprimands and empty repercussions is ineffective. The anonymous nature of the internet gives hackers and governments incredible plausible deniability. Therefore, focus must be on shoring up digital defenses and preventing attacks.