Black Friday is Now! Don’t miss out on up to 60% OFF InvestingProCLAIM SALE

Trump administration imposing new email security protocols for agencies

Published 10/16/2017, 11:00 AM
© Reuters. Jeanette Manfra, Acting Deputy Undersecretary for Cybersecurity at the DHS, testifies about Russian interference in U.S. elections to the Senate Intelligence Committee in Washington
MSFT
-
GOOGL
-
GOOG
-

By Dustin Volz

WASHINGTON (Reuters) - The Trump administration on Monday will order federal agencies to adopt common email security standards in an effort to better protect against hackers, a senior Department of Homeland Security official said.

DHS Assistant Secretary for Cybersecurity Jeanette Manfra, speaking at an event in New York, said the agency would issue a binding directive to require implementation of two cyber security measures, known as DMARC and STARTTLS, intended to guard against email spoofing and phishing attacks.

The new requirements are "discrete steps that have scalable, broad impact" that will improve federal government cyber security, Manfra said.

DMARC, or domain-based message authentication, reporting and conformance, is a decade-old popular technical standard that helps detect and block email impersonation, such as when a hacker might try to pose as a government official or agency.

STARTTLS is a form of encryption technology that protects email traveling between servers, making it more difficult for a third-party to intercept.

Civilian agencies will have 90 days to implement the new security measures, Manfra said.

Many agencies already use DMARC and STARTTLS but recent reviews have found the protocols are not used universally across government.

Foreign governments and other hackers have pilfered millions of personal records and other sensitive data from the U.S. government in recent years. The Trump administration has made upgrading government agencies' much-maligned network security a top cyber priority.

Democratic Senator Ron Wyden, who earlier this year pushed federal agencies to adopt the security standards more widely, said in a statement the moves were "two cheap, effective ways to secure email from being intercepted or impersonated by bad guys."

He said he hoped the decision would compel private sector companies to upgrade their own email security quickly.

An August report from the Global Cyber Alliance, an international non-profit, found that federal government adoption of DMARC had been rising in recent months but that less than 10 percent of domains had the protocol fully implemented.

© Reuters. Jeanette Manfra, Acting Deputy Undersecretary for Cybersecurity at the DHS, testifies about Russian interference in U.S. elections to the Senate Intelligence Committee in Washington

Usage of DMARC is much higher on the consumer level with 85 percent of inboxes, including those hosted by Alphabet's Google (O:GOOGL) or Microsoft (O:MSFT), supporting the standard, according to the Global Cyber Alliance.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.