NCSC launches phishing awareness campaign

National Counterintelligence and Security Center Director Bill Evanina.

NCSC Director Bill Evanina says the target audience for the anti-spear phishing campaign is all Americans.

The National Counterintelligence and Security Center has begun a campaign to warn federal employees and their families of the dangers of spear phishing, becoming the latest organization to publicly recognize the threat of targeted, malicious emails.

If “just a few people don’t click the link, it may save a massive breach in the future,” NCSC Director Bill Evanina said Sept. 9 at a conference hosted by the Intelligence and National Security Alliance and AFCEA. The vast majority of significant breaches in the public and private sectors have started with spear phishing, he added.

The counter-spear phishing initiative is part of a broader four-part security campaign from NCSC whose other components will focus on “human targeting,” social media awareness and travel advisories, Evanina said. 

The campaign will feature short videos, posters and literature on the do’s and don’ts for better cyber hygiene, Evanina. The video shown at the conference featured a fat-fingered, unwitting man in a coffee shop clicking on a spear phishing email. His bank account was promptly drained of funding by a hooded hacker, after which a clean-cut man appeared on the screen to sternly warn the viewer not to follow suit.

Evanina said the target audience for the initiative is all Americans. Forty-seven percent of American adults have been victims of a breach in the last year, he said.

The NCSC initiative is part of the government’s cleanup operation after the hack of the Office of Personnel Management that exposed data on 22 million current and former federal employees, contractors and others. Last week, OPM and the Defense Department awarded a $133 million contract to protect the 21.5 million people whose background check data was compromised in the breach. 

The NCSC initiative is in line with a focus from DOD CIO Terry Halvorsen on dulling the impact of phishing and clamping down on poor cyber hygiene. Halvorsen has warned Pentagon employees and their families of the dangers of phishing in an official memo, and is reportedly kicking off DOD networks users who don’t meet cybersecurity standards.

Earlier at the Sept. 9 conference, Director of National Intelligence James Clapper declared the federal system of conducting background checks to be “broken” and said its flaws were exacerbated by the struggles of previous OPM contractors. The OPM hackers were able to infiltrate agency networks via a contractor, KeyPoint Government Solutions.

“The system we have now doesn’t work and I think the only hope here is … a system of continuous evaluation which would depend heavily on automation,” Clapper said.

About the Author

Sean Lyngaas is a former FCW staff writer.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected