NOAA data security


Interesting article from SC Magazine:

IG scolds NOAA on security deficiencies, recommends fixes
The security climate is in need of change at the National Oceanic and Atmospheric Administration (NOAA) after a report from the Office of the Inspector General in the Department of Commerce found “significant security deficiencies” — amounting to thousands of vulnerabilities — threaten its mission critical systems.

Specifically, the report on the IG's audit of NOAA called out the agency for having its information systems connected to National Environmental Satellite, Data, and Information Service (NESDIS) critical satellite ground support system which it says “increases the risk of cyber attacks.”

“The Polar-orbiting Operational Environmental Satellites' (POES') and Geostationary Operational Environmental Satellites' (GOES') mission-critical satellite ground support systems have interconnections with systems where the flow of information is not restricted, which could provide a cyber attacker with access to these critical assets,” said the report, echoing security professionals who have always pegged the transitive trust between the systems that run the business and the infrastructure systems as a point of vulnerability.

After reviewing selected Windows components on four NESDIS systems, the Inspector General concluded that “inconsistent implementation of mobile device protections” boosted the probability of malware infection, primarily because unauthorized devices had been connected to critical systems and because GOES and the Environmental Satellite Processing Center (ESPC) didn't take steps to make sure that the Windows AutoRun feature was consistently disabled. Nearly half, 48 percent, of the ESPC's components — and 36 percent of GOES's — were accessed by unauthorized smart phones and thumb drives.

Ouch! More at the article. These are absolutely basic security techniques, and for them not to be implemented shows a disconnect. A perfect example of a Cyber Dunning-Kruger effect.

From the link:

Dunning and Kruger proposed that, for a given skill, incompetent people will:

    1. tend to overestimate their own level of skill;
    2. fail to recognize genuine skill in others;
    3. fail to recognize the extremity of their inadequacy;
    4. do recognize and acknowledge their own previous lack of skill, if they are exposed to training for that skill.

The scientists at NOAA are not stupid people, but they are only trained in specific areas of knowledge. Computer data security does not fall into those areas, but they think that they are smart enough to implement their own security measures. Epic Fail!

Graduate-level programs should have two quarters of mandatory networking and security classes.


About this Entry

This page contains a single entry by DaveH published on July 29, 2014 4:08 PM.
