Even in the federal arena, email is a primary gateway for phishing and other malicious attacks that carry ransomware and zero-day malware. In fact, the theft of the personnel files of 21.5 million current and former federal officials from the Office of Personnel Management happened through email.
While the OPM breach happened in 2015, there are always lessons to be learned and a driving need to continually adapt to stay one step ahead of the bad guys. This is why the Department of Homeland Security (DHS) just issued a mandate requiring agencies to use new email and web security guidelines that address these types of attacks.
According to this recent Federal News Radio article, DHS is giving agencies 30 days to come up with a plan to implement the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol and the STARTTLS protocol, which signals to a sending mail server that the capability to encrypt an email in transit is present.
The directive also requires agencies to switch all publicly accessible federal websites to HTTPS and HSTS-secure connections within 120 days. This could potentially eliminate a wide range of security flaws that affect most federal government websites.
“According to DHS’s Cyber Hygiene scanning data, seven of the ten most common vulnerabilities seen across federal agency networks at the issuance of this directive would be addressed through complying with the required actions in this directive related to web security,” wrote Acting DHS Secretary Elaine Duke in a memo to Office of Management and Budget Director Mick Mulvaney.
Federal cybersecurity is always a game of “cat and mouse.” However, by taking the right proactive steps and unifying overall agency cyber efforts, it is possible to ensure that email will no longer be a point of vulnerability.
For this, we are naming DHS as this week’s GovTransformer. Stay tuned for our ongoing coverage of other federal executives and their agencies that are truly transforming how they support mission goals through the most effective use of IT.