As the nation’s risk advisor, CISA brings our partners in industry and the full power of the federal government together to improve American cyber and infrastructure security.
The Cybersecurity and Infrastructure Security Agency (CISA) has been monitoring the evolving Coronavirus - also known as COVID-19 - situation closely, taking part in government and industry coordination calls, issuing guidance and working with critical infrastructure partners to prepare for, respond to, and mitigate effects in the U.S.
This whole-of-nation effort is led by Health and Human Services through the Centers for Disease Control, with all other agencies, including CISA, in a support role.
The first and best source of authoritative information on COVID-19 is coronavirus.gov, where visitors will find information on the virus itself, situation updates, and tailored information for audiences including communities, schools, and businesses, as well as others.
Of note, CDC has posted interim guidance for businesses and employers to plan and respond to COVID-19, and CDC will update this interim guidance as needed and as additional information becomes available.
Check back for updates and additional information.
What the U.S. Government is Doing
The White House, in conjunction with CDC and Health and Human Services, has launched https://www.coronavirus.gov/.
GSA has created a landing page on USA.gov for government-wide information related to COVID-19 activities. The page is located at https://www.usa.gov/coronavirus and the Spanish page is at https://gobierno.usa.gov/coronavirus.
What DHS is Doing
The Department of Homeland Security's (DHS) efforts in preparedness and readiness have facilitated a speedy, whole-of-government response in confronting COVID-19, keeping Americans safe, and helping detect and slow the spread of the virus. Learn more at https://www.dhs.gov/coronavirus.
The Federal Emergency Management Agency (FEMA) is assisting state, local, tribal, and territorial governments and other eligible entities with the health and safety actions they take on behalf of the American public. Learn more at https://www.fema.gov/coronavirus. FEMA and HHS are working to deliver additional supplies and ventilators and are working to procure and track commodities to supplement state and tribal purchases. Learn more at https://www.fema.gov/coronavirus/faq.
Guidance on the Essential Critical Infrastructure Workforce
NOTE: This information was originally posted on March 19 and was updated on March 28.
Functioning critical infrastructure is imperative during the response to the COVID-19 emergency for both public health and safety as well as community well-being. Certain critical infrastructure industries have a special responsibility in these times to continue operations.
This guidance and accompanying list are intended to support state, local, and industry partners in identifying the critical infrastructure sectors and the essential workers needed to maintain the services and functions that Americans depend on daily and that need to be able to operate resiliently during the COVID-19 pandemic response.
This document gives guidance to state, local, tribal, and territorial jurisdictions and the private sector on defining essential critical infrastructure workers. Promoting the ability of such workers to continue to work during periods of community restriction, access management, social distancing, or closure orders/directives is crucial to community resilience and continuity of essential functions. CISA made a technical update to the document on March 23, 2020 to clarify the description of a small number of essential services and functions in the list.
CISA Insights: Risk Management for Novel Coronavirus (COVID-19)
The CISA Insights: Risk Management for Novel Coronavirus (COVID-19) provides executives a tool to help them think through physical, supply chain, and cybersecurity issues that may arise from the spread of Novel Coronavirus, or COVID-19. According to the U.S. Centers for Disease Control and Prevention (CDC), COVID-19 has been detected in locations around the world, including multiple areas throughout the U.S. This is a rapidly evolving situation; for more information, visit the CDC’s COVID-19 Situation Summary.
COVID-19 Cyber Alert
On March 6, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) released an alert reminding individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.
CISA encourages individuals to remain vigilant and take the following precautions.
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Review CISA Insights on Risk Management for COVID-19 for more information.
On March 13, 2020, CISA released an alert encouraging organizations to adopt a heightened state of cybersecurity when considering alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network.
The following are cybersecurity considerations regarding telework.
- As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors.
- As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches.
- Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords.
- Organizations that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks.
- Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks.
CISA encourages organizations to review the following recommendations when considering alternate workplace options.
- Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations. See CISA Tips Understanding Patches and Securing Network Infrastructure Devices.
- Alert employees to an expected increase in phishing attempts. See CISA Tip Avoiding Social Engineering and Phishing Attacks.
- Ensure IT security personnel are prepared to ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery. Per the National Institute of Standards and Technology (NIST) Special Publication 800-46 v.2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, these tasks should be documented in the configuration management policy.
- Implement MFA on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords. (See CISA Tips Choosing and Protecting Passwords and Supplementing Passwords for more information.)
- Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications—such as rate limiting—to prioritize users that will require higher bandwidths.
- Contact CISA to report incidents, phishing, malware, and other cybersecurity concerns.
CISA Statement on Reported HHS Cyber Activity
WASHINGTON - CISA will continue to support our partners at HHS as they protect their IT systems. CISA has taken a number of steps over the last several weeks to increase cybersecurity preparedness across federal civilian agencies, including enhanced monitoring, issuing recommendations as agencies shift to telework, and identifying and protecting particularly important systems supporting COVID response efforts. We’re confident that the measures we’ve all put into place are sufficient, and we will stay on the lookout for and defend against malicious activity.
Additional Telework Resources From Our Partners
As the nation and workforce transition to virtual offices, more and more business is being done virtually. The following organizations offer resources designed to help make the leap from traditional offices to virtual workspaces easier and more secure. These resources may include links to other sites and are provided as a convenience to you and as an additional way to access the information contained therein. DHS/CISA is not responsible for the content of any other sites or any products or services that may be offered.
- The Office of Personnel Management should be the government's first stop for telework guidance.
- The National Institute of Standards and Technology’s (NIST) blog, “Preventing Eavesdropping and Protecting Privacy on Virtual Meetings,” addresses security concerns with virtual meetings.
- The Cyber Readiness Institute has developed a quick guide, “Securing a Remote Workforce” for businesses.
- The National Cyber Security Alliance has launched a COVID-19 Security Resource Library featuring free and updated information on current scams, cyber threats, remote working, disaster relief, and more.
- The Global Cyber Alliance offers three simple tips for working from home.
- NIST has guidelines on telework and remote access to help organizations mitigate security risks associated with the enterprise technologies used for teleworking.