DHS Demands Basic Email Security
DHS will issue a "binding directive" which will require the implementaion of security measures for email.
- By Sydny Shepard
- Oct 18, 2017
The Department of Homeland security is (finally!) pushing federal agencies to adopt basic security protocols designed to protect government officials against spoofing and phishing attacks.
Reuters reported on Monday that a senior cybersecurity DHS official confirmed the department will be issuing a "binding directive" which will require the implementation of long overdue security measures within a 90-day period.
Civilian agencies will be required to adopt both DMARC and STARTTLS, two easy-to-implement technologies that are already widely used in the private sector.
The US intelligence community has already adopted such measures, which only happened after significant prodding, but civilian agencies, such as the Departments of Education, Commerce and Energy, have yet to announce that they will be bolstering their cybersecurity.
In addition to the directive given by DHS, other email forces are building up to make bold cybersecurity moves. Alphabet's Google just announced it would be rolling out an advanced protection program in order to provide stronger security for some Gmail users, such as government officials or journalists who are at a higher risk of being targeted by hackers.
The internet company said that users of the program would have their account security continuously updated to deal with emerging threats and it would provide three defenses against those security threats, which would include blocking fraudulent account access and protection against phishing.
Sydny Shepard is the Executive Editor of Campus Security & Life Safety.