We live in an ever more connected world, where cybersecurity often seems to fall short when faced with increasingly numerous and dangerous threats. Such was the case over the past two months when Chinese hackers infiltrated the United States’ National Weather Service.
The attacks seem to have taken place in late September, though information on the breach only started becoming available a month later with the breach being finally disclosed at the beginning of this month.
The National Oceanic and Atmospheric Administration (NOAA) which, oversees the National Weather Service, basically failed at respecting the law which states that such breaches must be reported to the proper authorities within two days of discovery.
The infiltration seems to have begun through a network server and to have spread to different machines from there. The agency says that “incident response began immediately” though NOAA hasn’t disclosed whether any data was stolen or if malicious software had been injected into its systems.
And while many of you may be unfazed by the news – it’s just the weather service, what’s the big deal, right? – you should remember that this service, and others like it are used by numerous individuals and agencies around the world including the US Army, and European weather centers.
An investigation is currently underway to discover how the security systems failed and also why NOAA failed to report the breach in a timely fashion.
That being said, a report from an industry watchdog said back in 2009 that NOAA’s security planning was so poor that the agency had little idea how vulnerable it actually was.