Trump administration imposing new email security protocols for agencies
Reuters
Published Oct 16, 2017 11:00AM ET
Trump administration imposing new email security protocols for agencies
By Dustin Volz
WASHINGTON (Reuters) - The Trump administration on Monday will order federal agencies to adopt common email security standards in an effort to better protect against hackers, a senior Department of Homeland Security official said.
DHS Assistant Secretary for Cybersecurity Jeanette Manfra, speaking at an event in New York, said the agency would issue a binding directive to require implementation of two cyber security measures, known as DMARC and STARTTLS, intended to guard against email spoofing and phishing attacks.
The new requirements are "discrete steps that have scalable, broad impact" that will improve federal government cyber security, Manfra said.
DMARC, or domain-based message authentication, reporting and conformance, is a decade-old popular technical standard that helps detect and block email impersonation, such as when a hacker might try to pose as a government official or agency.
STARTTLS is a form of encryption technology that protects email traveling between servers, making it more difficult for a third-party to intercept.
Civilian agencies will have 90 days to implement the new security measures, Manfra said.
Many agencies already use DMARC and STARTTLS but recent reviews have found the protocols are not used universally across government.
Foreign governments and other hackers have pilfered millions of personal records and other sensitive data from the U.S. government in recent years. The Trump administration has made upgrading government agencies' much-maligned network security a top cyber priority.
Democratic Senator Ron Wyden, who earlier this year pushed federal agencies to adopt the security standards more widely, said in a statement the moves were "two cheap, effective ways to secure email from being intercepted or impersonated by bad guys."
He said he hoped the decision would compel private sector companies to upgrade their own email security quickly.
An August report from the Global Cyber Alliance, an international non-profit, found that federal government adoption of DMARC had been rising in recent months but that less than 10 percent of domains had the protocol fully implemented.
Get The News You Want
Usage of DMARC is much higher on the consumer level with 85 percent of inboxes, including those hosted by Alphabet's Google (O:GOOGL) or Microsoft (O:MSFT), supporting the standard, according to the Global Cyber Alliance.
Written By: Reuters
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.