U.S. weather satellites were breached 10 times over the course of a year, according to a congressional agency.
The hacks of the Joint Polar Satellite System took place between August 2014 and August 2015, according to the report published by the Government Accountability Office. The incidents were classified as ranging from medium to high severity, and included “hostile probes, improper usage, unauthorized access, password sharing and other IT-related security concerns.”
The report, issued this week by GAO IT Director David Powner, found that the most significant issue was the threat posed by unresolved vulnerabilities. Though federal guidelines require issues to be fixed within 30 days, Powner said, the program had more than 1,400 critical to high risk vulnerabilities more than four months old at the end of the reporting period.
The $11.3 billion JPSS program, which is administrated by the National Oceanic and Atmospheric Administration, is responsible for collecting the weather data that aids forecasters. The newest satellite has been scheduled for a March 2017 launch, but that initiative has been plagued by cost overruns and is facing a delay due to acquisition problems.
Related Story: http://www.washingtonexaminer.com/article/2586717
Cybersecurity incidents are usually linked to state actors. In fall 2014, four NOAA websites were breached by hackers linked to the Chinese government, probably for the purpose of obtaining technical information that could be used for replicating American systems.
“While NOAA cannot publicly comment on these specific incidents, due to reasons related to national security, all cybersecurity threats are taken seriously and addressed quickly,” the agency said in a statement. “NOAA remains committed to maintaining the highest possible level of information security.”
