The Office of the Chief Information Officer sent a memo detailing how teleworking employees can protect agency systems.
Under the cover of the novel coronavirus pandemic, malicious actors dramatically increased attacks on NASA and its remote workforce must be vigilant, according to agency officials.
“During the COVID-19 pandemic, NASA has seen an increased number of cyber threats that include phishing attempts and malware attacks,” a NASA spokesperson told Nextgov, verifying an agencywide memo NASA’s Office of the Chief Information Officer sent to the workforce Monday that urged caution.
Over the past few days, the agency security operations center blocked twice the number of phishing attempts and malicious sites trying to access NASA system. The memo also states the agency faced an “exponential increase in malware attacks on NASA systems.”
NASA is the most recent agency to report an uptick in cyberattacks associated with the COVID-19 crisis. The departments of Defense and Health and Human Services have acknowledged an increase in cyber threats related to the pandemic.
The NASA spokesperson credited the agency’s defenses with mitigating the threat.
“NASA’s IT systems are attractive targets for cyber criminals and nation-state actors, who may want to steal, jam, spoof or hijack our systems, data, and datalinks,” he said. “NASA cybersecurity tools have mitigated the impact of these attacks. NASA’s Security Operations Center (SOC) continues to monitor and protect Agency systems, data and intellectual property 24x7.”
The memo warned the attacks would likely continue to increase over the course of the pandemic and asked employees to keep their personal digital services separate from those they use for work.
“NASA employees and contractors should expect these cyber threats and cyber attacks to continue at an elevated level,” the memo reads. “Be cautious while working and when using your personal computers or mobile devices.”
The memo directs employees to use the NASA VPN to log in, keep agency devices current on software patches and updates, use only agency-approved software, and encrypt sensitive information when appropriate. “Refrain from opening your personal email or non-work related social media on your NASA computer systems/devices,” it reads.
The cyber criminals are after sensitive agency information and credentials, the CIO says, and may use “requests for donations, updates on virus transmissions, safety measures, tax refunds, fake vaccines, and disinformation campaigns” to entice workers into clicking on malicious links.
Help us understand the situation better. Are you a federal employee or contractor with information about how your agency is handling the coronavirus? Email us at firstname.lastname@example.org.