NSI Security NewsWatch Banner

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — March 25, 2020

  • China Borrowing Russian Tactics to Spread Coronavirus Disinformation
  • Russia Blamed for COVID-19 Disinformation Campaigns
  • DCSA Suspends ESVAs and Onsite Activities Due to COVID-19
  • Navy, DoD Networks Strained Under Telework Demand
  • Pakistani Doctor Arrested in Minnesota on Terrorism Charge
  • U.S. Declares New ISIS Leader Global Terrorist
  • Government’s Maximum Telework Policy Overlooks Contractors
  • China Threatens Electronic Strikes on Navy
  • Man Gets 4 Years for Smuggling Classified Info to China
  • Pentagon Keeps Eye on Defense Industrial Base as COVID-19 Pandemic Evolves

China Borrowing Russian Tactics to Spread Coronavirus Disinformation (Cyber Scoop, 3/23/20)

Amidst the COVID-19 pandemic, China’s state-backed information operations have been following Russia’s playbook for spreading disinformation, an expert on the subject told a panel on Monday.  The Chinese Communist Party, typically thought to run disinformation operations aimed at controlling the narrative, is mirroring behavior that is historically associated with Russian disinformation — spreading chaos and confusion. 

In this case, it’s about whether the coronavirus actually originated in China, Laura Rosenberger, the director of the Alliance for Securing Democracy, said.  “Russia’s focused on sowing confusion,” Rosenberger said during a panel last week.  “We see China’s propaganda apparatus evolving and taking lessons from Russia in this moment … China was much more focused on narrative creation and control [before].”  More

Russia Blamed for COVID-19 Disinformation Campaigns (Gov Info Security, 3/23/20)

Disinformation campaigns with ties to Russia are continuing in an attempt to impede other governments' responses to the COVID-19 outbreak, complicating public health efforts to combat the disease, European officials warn.  The European Union's anti-disinformation unit says that from Jan. 22 to March 19, it logged more than 110 cases involving COVID-19 misinformation.  "These messages are characteristic of the Kremlin's well-established strategy of using disinformation to amplify divisions, sow distrust and chaos, and exacerbate crisis situations and issues of public concern," the EU's European External Action Service warns in a new report.

As of midday Monday, COVID-19 had infected more than 351,000 individuals and had led to over 15,00 deaths worldwide, according to a Johns Hopkins University research team.  In Europe, monitoring propaganda that originates outside of the EU is the job of EEAS, which has been seeing a sharp increase in COVID-19 "disinformation, misleading information, outright lies and wrong things," Peter Stano, the European Commission's chief spokesman on foreign and security policy, said last week. More

DCSA Suspends ESVAs and Onsite Activities Due to COVID-19 (DCSA, 3/20/20)

Due to the COVID-19 National Emergency in the United States, DCSA is suspending all Enhanced Security Vulnerability Assessments (ESVAs) and onsite activities until further notice.  Facilities scheduled to receive an ESVA will instead be contacted virtually by their Industrial Security Representative (ISR) who will conduct a Continuous Monitoring Engagement.  Detailed information on these engagements will be provided by your ISR.

The unique challenges presented by the coronavirus pandemic, including managing unprecedented security challenges will take the collective efforts of both government and industry.  Please continue to share with us your challenges and working together we will work out solutions.  Facility Clearance Inquiries (Option 3 of the DCSA Knowledge Center) will be suspended until further notice.   More


Surge in Remote Work Heightens Cybersecurity Risks

Hackers have wasted no time figuring out how to exploit the worldwide COVID-19  pandemic.  Their latest target—employees working from home. With increased remote work, there is increased risk of employees accessing data through unsecured and unsafe Wi-Fi networks, falling prey to phishing and ransomware attacks, using personal devices to perform work, and not following security policies established by your organization. These risks can be dramatically reduced simply by increasing employee awareness.

In addition to advice about washing our hands, employees need to be reminded about practicing good cyber hygiene as well. Now you can take advantage of the service America’s most respected companies have been using to protect their critical information caused by lax employee cyber habits. NSI’s SECURITYsense awareness program gives employees the tools and information they need to make security second nature. Find out how this valuable resource can help protect your employees and ensure they’re part of the solution and not part of the problem. Click here https://www.nsi.org/securitysense/what-is-securitysense.shtml for more information.


Navy, DoD Networks Strained Under Telework Demand (USNI News, 3/19/20)

The Defense Department’s mandatory and voluntary work-from-home push to protect the workforce from the COVID-19 virus is straining IT systems, even as the government is asking employees to make modifications to limit their consumption of network resources.  The Joint Force Headquarters for Department of Defense Information Networks (JFHQ-DODIN) has already begun blocking streaming websites such as YouTube, Netflix and Pandora, and it may block social media sites too “to maximize operational bandwidth available for COVID-19 response,” reads a message from the Navy’s Information Dominance Directorate (OPNAV N2/N6) and Fleet Cyber Command/ U.S. 10th Fleet.

Navy spokesman Joe Gradisher said the Navy networks are being affected by so many remote users but that it would be JFHQ-DODIN’s decision to make regarding blocking social media websites.  Regarding the Navy’s networks, “as might be expected, the increase in users who are teleworking/social distancing is having effects.  While the Navy’s IT Leadership works diligently to improve capacity as these requirements continue to grow, end users are being encouraged to adapt to ensure we can continue with mission assurance while teleworking,” Gradisher said. More

Pakistani Doctor Arrested in Minnesota on Terrorism Charge (AP, 3/19/20)

A Pakistani doctor and former Mayo Clinic research coordinator was arrested last week in Minnesota on a terrorism charge, after prosecutors say he told paid FBI informants that he had pledged his allegiance to the Islamic State group and wanted to carry out lone wolf attacks in the United States.  Muhammad Masood, 28, was arrested at the Minneapolis-St. Paul International Airport by FBI agents and was charged with one count of attempting to provide material support to a foreign terrorist organization.

Prosecutors say Masood was in the U.S. on a work visa.  They allege that starting in January, Masood made several statements to paid informants — whom he believed were members of the Islamic State group — pledging his allegiance to the group and its leader.  He also allegedly expressed his desire to travel to Syria to fight for ISIS and a desire to carry out lone wolf attacks in the U.S. More

U.S. Declares New ISIS Leader Global Terrorist (Jerusalem Post, 3/19/20)

Security experts in the Middle East believe that the Islamic State group remains active in certain Arab territories, though taking different forms, using different tactics, and serving different aims, than it had in the past.  The State Department said last week that Amir Muhammad Sa’id Abdal-Rahman al-Mawla, the new head of ISIS, would be declared a Specially Designated Global Terrorist. 

Al-Mawla, who is also known as Hajji Abdallah, Abdul Amir Muhammad Sa’id Salbi, and Abu-’Umar al-Turkmani, succeeded former leader Abu Bakr Al-Baghdadi, who killed himself in a suicide explosion during a U.S. raid last October.  The statement added that “al-Mawla gave permission to commit many crimes in the region, in addition to his supervision of the international operations of the [ISIS] organization.” More

Government’s Maximum Telework Policy Overlooks Contractors (Nextgov, 3/18/20)

Last week, OMB issued a memo asking federal agencies and departments to offer “maximum telework flexibilities” to eligible employees.  A top representative for the federal services industry says it won’t do much good for contractors—or public health—if contracting officers aren’t specifically told to modify the relevant legal agreements.   

“If an agency says, 'Everybody go home and telework,' and the contractors have contracts that say you can't telework, you have to be at the agency facility in order to do your job.  You have a disconnect right away,” David Berteau, president and CEO of the Professional Services Council, said.  Berteau said the contractor has to follow the contract unless their contracting officer gives guidance to the contrary. More

China Threatens Electronic Strikes on Navy (Washington Times, 3/18/20)

China has called for using electromagnetic attacks on U.S. warships transiting the South China Sea, according to a state-run Chinese outlet.  The Communist Party-affiliated organ Global Times, quoting a military expert, said the use of nonlethal electromagnetic and laser weapons should be used by the People’s Liberation Army to expel American warships from the disputed sea.

The report followed China’s potentially dangerous use of a laser against a Navy P-8A maritime patrol aircraft near Guam last month, and an earlier lasing two years ago of C-130 aircraft near China’s military base in Djibouti on the coast of Africa.  The article was published the same day the Pacific Fleet announced on Twitter that the aircraft carrier strike group led by the USS Theodore Roosevelt, and the USS America, an amphibious assault carrier and leader of an expeditionary strike group, were conducting exercises in the South China Sea. More

Man Gets 4 Years for Smuggling Classified Info to China (SF Chronicle, 3/17/20)

A California man was sentenced to four years in federal prison last week for smuggling purported national security information to China for more than two years.  Prosecutors said the smuggling carried out by Xuehua “Edward” Peng was actually managed by an undercover agent using classified data that the U.S. government had decided could be safely released.  But U.S. Attorney David Anderson said Peng “will now spend years in prison for compromising the security of the United States.”

Peng, 56, entered the U.S. from China on a business visa in 2001 and became a U.S. citizen in 2012.  He ran a travel business for Chinese visitors before his arrest in September.  According to an FBI affidavit, a confidential U.S. source met in 2015 with officers of China’s Ministry of State Security and offered to supply classified information through a California man who had family and business dealings in China. More

Pentagon Keeps Eye on Defense Industrial Base as COVID-19 Pandemic Evolves (Air Force Magazine, 3/17/20)

The Pentagon has started a daily dialogue with its top vendors as it attempts to measure and mitigate the impact of the COVID-19 crisis on the defense industry.  Meanwhile, Boeing and Lockheed Martin said production on major acquisition systems like the KC-46 tanker and F-35 strike fighter will continue.

Under Secretary of Defense Ellen Lord last week held her first call with members of the Aerospace Industries Association, National Defense Industrial Association, Professional Services Council, National Association of Manufacturers, and the Chamber of Commerce to “ensure the security, reliability, and resilience of our defense industrial base and our collective effort to execute the National Defense Strategy,” said Pentagon spokesman Lt. Col. Mike Andrews in a statement.  Andrews declined to provide any additional details about what was discussed on the call, saying the DoD wanted everyone to be able to speak freely. More

Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complementary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.


Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call

NSI LogoNational Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org



Impact 2020 Announcement


Who's Worse:
Employees or Hackers?

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves

Learn More Button