DHS orders federal agencies to bolster cybersecurity with HTTPS, email authentication

On Monday, the US Department of Homeland Security announced a new requirement for federal agencies to employ web and email encryption to boost cybersecurity protections.

At a cybersecurity roundtable hosted by the Global Cyber Alliance, Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at the Department of Homeland Security, issued a Binding Operational Directive (BOD) requiring federal agencies to implement these cyber policies.

Within 90 days, all federal agencies must deploy the email security protocol DMARC (Domain-based Message Authentication, Reporting & Conformance). This will help prevent spam and phishing attackers from using federal agency email domains to conduct their attacks. Organizations using DMARC receive less than a quarter of the threats received by those that do not use the technology, according to a report from security firm GreatHorn.

And within 120 days, all federal agencies must employ HTTPS (Hypertext Transfer Protocol Secure) for all websites to ensure safer connections for citizens, and use other encryption protocols such as STARTTLS to help ensure that communications with the federal government are secure.

“It is critical that U.S. citizens can trust their online engagements with all levels of the federal government,” Manfra said in a press release. “Today, we are calling on all federal agencies to deploy a toolkit of advanced cybersecurity technologies that will enable them to better fulfill our ultimate mission – serving and protecting the American public.”

Some 85% of consumer email inboxes in the US support DMARC, including Gmail, Yahoo, and Microsoft accounts. But DMARC adoption rates among government and enterprises remain low, according to the Global Cyber Alliance.

Source: TechRepublic