Homeland Security forces federal agencies to secure their emails

Posted Oct 17, 2017 by James Walker
The U.S. Department of Homeland Security has announced that federal agencies must improve their cybersecurity within the next 90 days. The decision, praised by the Global Cyber Appliance, will force agencies to use HTTPS and secure email accounts.
The Department of Homeland Security
The Department of Homeland Security
Saul Loeb, AFP/File
All federal agencies will have to enable the email security protocol DMARC for their accounts within the next 90 days. This protocol helps to prevent criminal imposters, such as phishers and scammers, from masquerading as official federal agencies to pull off attacks. Use of DMARC could help to put an end to spoofing attacks which seem to come from legitimate agencies.
The feds have a month longer to implement full HTTPS on all their websites. Within the next 120 days, HTTPS and other cybersecurity protocols must be used to protect federal online resources. This will facilitate private communications between users and the federal agency, keeping data secure in transit and reducing the risk of cyberattack.
Homeland Security's Jeanette Manfra announced the new measures during a cybersecurity roundtable at the Global Cyber Alliance. They're designed to address the long-running problems with federal cybersecurity, moving the government towards adoption of modern Internet safeguards. This will better protect the citizens that agencies are supposed to serve.
READ NEXT: JPMorgan announces new payments network based on blockchain tech
"It is critical that U.S. citizens can trust their online engagements with all levels of the federal government," Market Insider reports Manfra said during the launch. "Today, we are calling on all federal agencies to deploy a toolkit of advanced cybersecurity technologies that will enable them to better fulfill our ultimate mission – serving and protecting the American public."
DMARC in particular will help to reassure citizens that emails from federal agencies are genuine communications. Some agencies have reported a four-fold increase in spoofing attacks over the past few years. Until now, they've been unable to effectively defend against the scammers.
DMARC already protects around 2.5 billion email inboxes globally and is supported by most consumer email services. The technology has taken much longer to reach enterprises and governments though, even though these bodies are the most likely to benefit from its protection. Federal agencies will implement DMARC in a way that prevents impersonation attacks across 1,300 U.S. government domains, showing large-scale deployments can be accomplished.