After Hack, NOAA Still Plans to Buy Supercomputers from IBM Unit Sold to Chinese Firm

The Ozone Mapping and Profiler Suite (OMPS) instrument, part of the JPSS satellite system, undergoes post thermal inspection at a Ball facility in Boulder, Colo.

The Ozone Mapping and Profiler Suite (OMPS) instrument, part of the JPSS satellite system, undergoes post thermal inspection at a Ball facility in Boulder, Colo. NOAA

NOAA says sale of Big Blue’s supercomputers to Lenovo doesn't present a risk to the JPSS program.

A weather agency allegedly hacked by China intends to continue with plans for using forecasting computers provided by an IBM unit recently sold to a Chinese company.

Lawmakers are voicing concerns about the contract, after the National Oceanic and Atmospheric Administration on Wednesday acknowledged attackers breached prediction and satellite systems. But NOAA says IBM’s sale of its supercomputing business to Chinese-based Lenovo will not affect the agency's life-saving prediction capabilities. 

"IBM is obligated to continue upgrading the NOAA supercomputer system" and an update is scheduled to complete in January 2015, a NOAA official told Nextgov late Thursday. "This move will in no way impact NOAA’s ability to provide timely and accurate forecasts to maintain public safety."

Earlier in the year, the proposed Lenovo acquisition sparked espionage concerns, amid federal charges that Chinese military members cribbed trade secrets from U.S. organizations’ networks.

But the Committee on Foreign Investment in the United States, which reviews potential security risks posed by foreign takeovers of U.S. companies, cleared the deal. And the sale closed Oct. 1.

Satellite System Plagued by Major Cyber Vulnerabilities

The recently revealed hack and Lenovo controversy follow years of warnings from agency watchdogs about NOAA’s computer insecurities.

This summer, a federal inspector general blasted the agency for long neglecting tens of thousands of major cyber vulnerabilities that could compromise its environmental satellite program, the Joint Polar Satellite System, or JPSS.

The IBM machines spun off to Lenovo, x86 servers, are part of that program.

NOAA officials do not see the transaction as a security issue. "After reviewing the terms of the sale, NOAA determined the sale doesn't present a risk to the JPSS program," NOAA spokeswoman Ciaran Clayton said in an email. 

JPSS computers support satellite command and control, and generate forecast data crucial for aviation, emergency response and other daily activities. 

Lawmakers and federal investigators say they intend to examine NOAA's reliance on IBM technology now owned by China. 

The Government Accountability Office and NOAA will brief House Science Committee staff "on this issue in the near future, and have already been briefed by CFIUS," committee spokesman Zachary Kurz said in an email. "This is an issue we have been tracking for some time and will continue to monitor closely."

As part of routine market research to explore contracting options, NOAA in August issued a request for information to survey all supercomputing vendors about their newest features, agency officials said.

Rep. Wolf 'Troubled' by Lenovo Acquisition

Rep. Frank Wolf, R-Va., told Nextgov that NOAA staff proactively told him IBM would be bidding on future work, because he is vocal on the issue of Chinese cyberespionage. 

Wolf said he is "absolutely" troubled by the possibility of national security threats from Lenovo's acquisition of IBM servers. 

"I am very concerned about any time a company is taken over by the Chinese," he said. The Chinese government "could put a chip in and do things that even the maintenance men might not be able to find." 

After Lenovo bought IBM's personal computer division in 2005, Wolf successfully pressured the State Department to keep the PCs off networks that contain classified material. 

“The question of stealing is both a national security issue and it’s also a jobs issue because they look for information so they can use it in their production," he said. "And a lot of their gains in certain areas have been from what they’ve taken, not that they are smartest people in the world. Now, the Chinese people are a wonderful people -- we’re talking about the Chinese government.”

The inspector general at the Commerce Department, which oversees NOAA, "has ongoing work with the JPSS program," IG spokesman Clark Reid said, but declined to comment further. 

The number of critical cyber vulnerabilities in the satellite program have spiked by more than 60 percent since 2012, increasing from 14,486 security holes to 23,868 holes, according to an August IG report

Deal Cleared by U.S. Regulators

IBM officials declined to comment on the NOAA computer project but said the U.S. government deemed the Lenovo sale free of any supply chain risks. 

"After a thorough review, the Committee on Foreign Investment in the United States found no conflict with U.S. security interests in the sale of IBM's x86 business to Lenovo," IBM spokesman Clint Roswell said. "IBM does not discuss the specifics of its federal client engagements."

In October, after NOAA reportedly knew of unauthorized satellite system interference, it downplayed the problems. The agency told the public the National Weather Service had not received some satellite data, "potentially impacting" model forecasts and that the system was undergoing unscheduled maintenance.  

NOAA did not notify the IG about the intrusion until Nov. 4, Reid said, adding that the inspector is looking into the issue further. 

NOAA officials now state four agency websites were breached "in recent weeks" by an "Internet-sourced attack." It was agency staff who detected the infiltrations and “incident response began immediately,” they added.

Not the First Time Chinese Hackers Accused of Breaching Satellites

Wolf said NOAA told him the incident was tied to the Chinese government, but agency officials declined to comment beyond their statement. 

The Washington Post first reported the hack Wednesday. 

This is not the first time NOAA satellite data has been hacked, nor is it the first time the Chinese have been accused of breaching satellites.

Agency satellite data was stolen from a contractor's personal computer last year, but NOAA could not investigate the incident because the employee refused to turn over the PC, according to a July inspector general report.

Several U.S. Earth observation satellites have also been probed by suspected Chinese hackers in recent years, according to federal officials. A 2011 report by the U.S.-China Economic and Security Review Commission characterized the events as successful interferences that might have been linked to the Chinese government.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.