Cyber Espionage

Why the Weather Service Infiltration is a Big Deal

The infiltration of the NOAA has been drawing attention, criticism and speculation since the weather service admitted to being infiltrated in September 2014. Most of the articles written to date have focused on the who as opposed to the why. So, why is the infiltration of the National Weather Service a big deal?

As mentioned in this blog before, cyber warfare, cyber espionage and cyber theft are becoming more and more prominent. Many aspects of civilian infrastructure are vulnerable to cyber attacks, including power stations, databases of classified information related to homeland security, and financial institutions. But the National Weather Service? What could someone possibly have to gain from hacking the Weather Service? After all, all it does is give us the daily weather…right? As it turns out, the Weather Service and its functions play a vital role in US national security.

The mission of the National Weather Service is to

“provide weather, hydrologic, and climate forecasts and warnings for the United States, its territories, adjacent waters and ocean areas, for the protection of life and property and the enhancement of the national economy…”

By this mission statement one might deduce that the Weather Service could have a significant impact on the national security of the United States. The information it gathers and disseminates is critical to multiple aspects of our economy including, but not limited to, shipping, commercial fishing, farming, and air traffic control. It operates multiple satellite systems orbiting the earth which are responsible for gathering data regarding global weather patterns. These weather patterns are of significant use to the national intelligence community. The US military relies on information from the Weather Service in order to properly run the gigantic logistical machine that is the armed services. In addition, the NWS also functions to warn the population about weather emergencies and natural disasters.

It is conceivable, then, that an infiltration and subsequent shutdown of the weather service would cause significant disruption in the government’s ability to function. Such a shutdown could lead to disruptions to air travel, maritime navigation, severe weather warnings and military operations.

Marshall Shepherd, Director of Atmospheric Sciences at the University of Georgia and past president of the American Meteorological Society, made the point clear when he stated:

“Every sortie flown in the name of national security relies on weather information and intelligence. If you value Homeland Security, you have to value weather. That means we have to protect it as much as we do anything else.”

Indeed, the infiltration of the NWS system should serve as a wake-up call to an organization that has placed its cyber security at such low importance.

According to Chief Operations Officer David Titley, much of the reason for the poor security at the NWS has to do with budget. He stated that the National Weather Service is in dire need of funding in order to boost its digital security.

“It’s pretty well documented that NOAA doesn’t have enough money to do what it wants to do the way it wants to do it,” he says. “Security is only one of those issues. This is an example of how things in the federal government start to break when they’re ignored.”

In his opinion, cyber security was not a significant concern at the time the service was created, and older systems remain vulnerable unless the government prioritizes protection.

The attacks in September were not the first of their kind either. In 2013 a hacker accessed sensitive NOAA data by using a contractor’s computer. In 2012 a hacker group from Kosovo reportedly hacked into the weather service computers and released sensitive data. The group responsible for the 2012 incident identified themselves as “Kosova Hacker’s Security” and claimed their attacks were in retribution for American hostility towards Muslim nations.

The US response to incidents of cyber violation is dismal, at least in light of what is being released publicly. Leon Panetta even weighed in, calling cyber warfare a “digital Pearl Harbor” and warning that the nation is woefully unprepared to deal with these types of violations. Whether the attacks are coming from China, Russia or fringe groups like “Kosova Hacker’s Security” is largely irrelevant. Accusing and threatening suspect nations with reprimands and empty repercussions is ineffective. The anonymous nature of the internet gives hackers and governments incredible plausible deniability. Therefore, focus must be on shoring up digital defenses and preventing attacks.



Cyber Ghosts: Digital Espionage and the New Cold War

Two new revelations from the intelligence community this week have reiterated the gravity of cyber warfare and its effect on US national defense. The first occurred during President Obama’s visit to China. During that time, China was busy hosting the 10th China International Aviation and Aerospace Exhibition in Zhuhai, China (中国国际航空航天博览会). The main attraction at the airshow was the new Chinese J-31 fighter. Almost immediately, opinion began circulating regarding how the J-31, like its predecessor prototype the J-20, looked remarkably like the US F-35 Joint Strike Fighter and the F-22 Raptor. A quick look at the above photograph and anyone can see that the resemblance is undeniable.

While much of the conversation surrounding the J-31 in the media, social media and blogosphere is writing off the new jet as a cheap knockoff of the F-35, likely incapable of the same technological feats, the underlying issue here is not the jet itself, but its implications. It is no secret that the Chinese are suspected of many sophisticated cyber attacks against US infrastructure and defense. Examples abound for this type of intrusion, and for the sake of length this article will not expand on them; rather, the point here is to focus on the ramifications of cyber warfare.

Cyber warfare is “action by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks” (Rand). Cyber attacks are not limited to attacks on defense apparatuses such as government contractors. These attacks can be targeted toward any number of areas, including critical infrastructure such as power grids or financial centers. The risks of a cyber attack are unique in that such attacks can happen very quickly and be nigh untraceable. Compared to traditional forms of war, cyber warfare is inexpensive, highly effective and offers a high degree of anonymity and plausible deniability.

Two of the main concerns of cyber warfare are disruption of critical infrastructure and cyber espionage. For example, a foreign government may lack the will or ability to launch a true campaign which would cost billions and result in true warfare, loss of life and loss of regional stability. Perhaps this country doesn’t want a traditional war with a superpower like the United States due to economic concerns, but still wants to degrade its capabilities and injure its economy. Cyber attacks against infrastructure are an attractive and potent option. Hacking into financial centers or energy infrastructure might allow them to damage our economy, cause widespread blackouts, civil unrest, etc. The ability for cyber warriors to cover their tracks provides this hypothetical country with plausible deniability and a certain degree of shelter from potential repercussions. Still, the risks associated with being discovered are severe, which leads to cyber espionage as another attractive option.

Cyber espionage is the use of computer networks to gain illicit access to confidential information, typically held by a government or other organization (Oxford). In essence, it is the stealing of secrets by way of digital intrusion. Going back to the beginning of this piece, the J-31 is a foreboding example of cyber espionage. Headlines going back to 2011 claim that both Lockheed Martin, the main company behind the F-35 program, and BAE Systems, a program subcontractor, were affected by cyber attacks. What information was taken isn’t widely available, but defense experts acknowledge that it played a large role in the production of Chinese 5th generation jets. Furthermore, China’s production of 5th generation equipment likely means that it will not remain in China but will be exported to their allies which are less than amicable to the US.

A huge concern over these attacks and others like them is the possibility that cyber warfare can be used in real time on the battlefield. Some have speculated that with information gained about network security, hackers could conceivably disable or even hijack electronic devices such as those found on the Joint Strike Fighter. This scenario might elicit eye rolls from many, but the possibility exists.

During research for a past study I came across the SkyJack. The SkyJack is basically a Parrot AR Drone outfitted with a special program that allows it to sniff out wireless signals from other drones and then take control. Granted, we’re talking about toys here, but it is compelling nonetheless. In the hands of sophisticated hackers armed with sensitive information about a next-generation fighter’s network capabilities, it is conceivable that the controls could be seized. At minimum, with access to flight controls and guidance systems, the platform could be disabled and rendered useless.

Cyber warfare is a potent weapon in the digital age but is still in its infancy. Every day, hackers are becoming more sophisticated in their methods. Keeping up with the changes in methodology and technical prowess is a daunting task and one that the bloated bureaucratic system has been failing. Nevertheless, President Obama’s Feb. 2013 executive order stressed the importance of improving our cyber security framework and denying intrusion into our critical infrastructure. Whether or not it is too little too late remains to be seen, but cyber attacks will continue and escalate. It is incumbent on the intelligence community and private industry alike to develop methods to counter such attacks and ensure sensitive information is not surrendered to third parties.