Oct 16, 2017

DHS orders federal agencies to beef up cybersecurity

Homeland Security Department headquarters in northwest Washington. Photo: Susan Walsh / AP

The Department of Homeland Security announced a new binding directive today for federal agencies to adopt basic web and email security features. They've been told to use DMARC, an email security protocol to protect against spammers and phishers, and STARTLLS, which would send email over an encrypted channel when available.

Why it matters: Jeanette Manfra, Assistant Secretary for the Office of Cybersecurity and Communications, warned in a statement: "A single spoofed email can compromise the security of an entire organization, and a breach at one organization can sometimes leave an entire industry open to similar attacks and vulnerable to fraud."

What to expect: In 120 days all federal agencies will be required to deploy https for its web sites, and in 90 days they'll be required to roll out beefed up email security.

The back story: This isn't the first time the government has ordered the adoption of these enhanced measures. The Obama administration rolled out a similar directive in 2015, but two years later only about one-quarter of agency sites support encryption.

Go deeper