Lawmaker pushes DHS to adopt secure email authentication protocol
Sen. Ron Wyden, D-Ore., wants the federal government to adopt a protocol that would defend and protect government offices from email spoofing and phishing attempts.
Wyden sent a letter to Department of Homeland Security acting Deputy Undersecretary of Cybersecurity Jeanette Manfra urging for the adoption of Domain-based Message Authentication, Reporting & Conformance, widely known as DMARC, a technical standard finalized in 2015 by contributors including Google, Yahoo, Mail.ru, JPMorganChase and Symantec.
As CyberScoop’s Patrick O’Neill reports, the push for widespread adoption of DMARC is particularly timely now in the wake of a June 2017 report concluding that less than one-third of the largest 98 public and private hospitals in the United States secure their email with the technology. The same email-based threats faced by private enterprise have hit the U.S. government, especially in the last year.
“The threat posed by criminals and foreign governments impersonating U.S. government agencies is real,” Wyden wrote. “For example, in May, news reports revealed an active phishing campaign in which hackers were sending emails purporting to come from the Defense Security Service. Likewise, in 2016, the Internal Revenue Service reported a 400 percent increase in attempts by criminals to impersonate the agency through phishing.”
DHS is tasked with defending federal networks and has the authority, under the Federal Information Security Modernization Act, to mandate agencies enable DMARC.
Read more About Wyden’s letter on CyberScoop.