NOAA Admits to Cyberattack on Satellite Data Networks
WASHINGTON — The U.S. National Oceanic and Atmospheric Administration has acknowledged that the “unscheduled maintenance” that temporarily disrupted the flow of certain satellite data to the National Weather Service in October was prompted by “an internet-sourced attack” on four NOAA websites.
“NOAA staff detected the attacks and incident response began immediately. Unscheduled maintenance was performed by NOAA to mitigate the attacks. The unscheduled maintenance impacts were temporary and all services have been fully restored,” NOAA spokesman Scott Smullen wrote in a Nov. 13 response to a SpaceNews query. He said the attack “compromised” four NOAA websites, but declined to identify which ones.
“These effects did not prevent us from delivering forecasts to the public,” Smullen wrote.
In late October, after The Washington Post reported that an apparent network outage had stemmed the flow of certain satellite data to National Weather Service forecast centers, NOAA said only that portions of the network operation at NOAA’s Satellite and Information Service had been undergoing unscheduled maintenance and that NOAA’s fleet of satellites and ground stations continued to operate normally.
The Washington Post’s report prompted Rep. Frank Wolf (R-Va.), who chairs the House Appropriations commerce, justice, science subcommittee that funds NOAA and NASA, among other agencies, to approach NOAA for details. In an interview Nov. 13, Wolf said that he was told by NOAA officials that the attack originated in China and likely within the Chinese government.
Smullen would not confirm or deny Wolf’s assertion. “The investigation is continuing with the appropriate authorities and we cannot comment further,” Smullen wrote.
Wolf said subcommittee staff were gathering information about the incident and that hearings were a possibility.
The Commerce Department’s inspector general, Todd Zinser, also is looking into the incident, according to Zinser spokesman Clark Reid. Zinser’s office warned in July that NOAA’s satellite data networks faced increased risk of cyberattacks and needed more robust security. The July report followed a 2009 audit that criticized NOAA’s Satellite and Information Service for inadequate cybersecurity planning.