The U.S. government is finally taking steps to make its digital communication more secure. Federal agencies have three months to adopt stricter email security standards that help detect and prevent email phishing attacks, per an order issued by the Department of Homeland Security on Monday.
The order gave federal agencies 90 days to embrace DMARC, an email authentication protocol, and STARTTLS, an encryption technology that makes it more difficult for third parties to intercept emails traveling between servers.
DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication, policy and reporting protocol. It builds upon existing authentication measures like DKIM and SPF to, when properly implemented, detect and negate email impersonation scams.

Basically, DMARC makes email phishing more difficult because attackers can no longer spoof a protected domain and are restricted to using non-protected domain names.
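To show how DMARC builds on SPF and DKIM, here is an added example (not from the article or from any DHS material) that parses a DMARC record and applies the identifier-alignment and policy logic a receiving mail server would. The domain names, the DMARC record and the authentication results are constructed, and the organizational-domain lookup is simplified to the last two labels rather than the Public Suffix List.

```python
# Constructed DMARC record of the kind published at _dmarc.example.gov (placeholder domain).
SAMPLE_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc-rua@example.gov"


def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict of tags, filling in the RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r"}          # relaxed alignment unless the record says otherwise
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain):
    """Organizational domain. Assumption: last two labels; real code must use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    if not auth_domain:
        return False
    auth, frm = auth_domain.lower(), from_domain.lower()
    return auth == frm if mode == "s" else org_domain(auth) == org_domain(frm)


def evaluate(record_domain, record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_pass, disposition) for one message.

    from_domain is the RFC5322.From domain; spf_domain is the MAIL FROM domain SPF checked;
    dkim_domain is the d= of a DKIM signature. DMARC passes if either mechanism passes
    AND aligns with the From domain; otherwise the record's policy (p=, or sp= for
    subdomains) decides. The pct= sampling tag is deliberately not modelled here.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    is_subdomain = from_domain.lower() != record_domain.lower()
    policy = tags.get("sp", tags["p"]) if is_subdomain else tags["p"]
    return False, policy
```

The spoof case is the one the order targets: a message whose From header claims example.gov but whose SPF pass belongs to an unrelated sending domain fails alignment and gets the published reject policy.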
Fewer than 10% of federal domains have fully implemented the DMARC protocol, according to a recent Global Cyber Alliance report, meaning that a majority of government entities are at risk of being impacted by email phishing attacks.
Democratic Senator Ron Wyden of Oregon sent an open letter to the Department of Homeland Security (DHS) in July calling on the U.S. government to adopt DMARC immediately to protect government agencies from phishing scams and email fraud.
“I write to ask you to take immediate steps to ensure that hackers cannot send emails that impersonate federal agencies,” begins Wyden’s letter. “Industry-standard technologies exist, and are already used throughout the private sector and even by a few federal agencies, which, if enabled, would make it significantly harder for fraudsters and foreign governments to impersonate federal agencies.”