NOAA Has IT Security Issues – Just Like NASA Does
Hacker Breached NOAA Satellite Data From Contractor’s PC, NextGov
“National Oceanic and Atmospheric Administration satellite data was stolen from a contractor’s personal computer last year, but the agency could not investigate the incident because the employee refused to turn over the PC, according to a new inspector general report. This is but one of the “significant security deficiencies” that pose a threat to NOAA’s critical missions, the report states. Other weaknesses include unauthorized smartphone use on key systems and thousands of software vulnerabilities.”
Significant Security Deficiencies in NOAA’s Information Systems Create Risks in Its National Critical Mission, NOAA
“We found that (I) information systems connected to NESDIS’ critical satellite ground support systems increases the risk of cyber attacks, (2) NESDIS’ inconsistent implementation of mobile device protections increases the likelihood of a malware infection, (3) critical security controls remain unimplemented in NESDIS’ information systems, and (4) improvements are needed to provide assurance that independent security control assessments are sufficiently rigorous.”
I’m having difficulty finding out exactly what happened. What was the information that was compromised? Was it classified? Confidential? ITAR-restricted? Password files? Subject to the FOIA? The only point I cound find in this account was that it was part of a “low-impact” project.
“The employee refused to turn over the PC” certainly suggests there’s more than we’re being told. (Or less than is being implied.)