CyberScoop: Wyden urges DHS to adopt secure email authentication protocol

Cyberscoop writes about Senator Ron Wyden's efforts to secure the U.S. Senate e-mail servers.

Sen. Ron Wyden, D-Ore., has asked the Department of Homeland Security to move the federal government to adopt a protocol that would defend and protect government offices from email spoofing and phishing attempts.

According to a letter sent to acting DHS Deputy Undersecretary of Cybersecurity Jeanette Manfra, Wyden wants the government to adopt Domain-based Message Authentication, Reporting & Conformance. Widely known as DMARC, the protocol is a technical standard finalized in 2015 by contributors including Google, Yahoo, Mail.ru, JPMorganChase and Symantec.

The push for widespread adoption of DMARC is particularly timely now in the wake of a June 2017 report concluding that less than one-third of the largest 98 public and private hospitals in the United States secure their email with the technology. The same email-based threats faced by private enterprise have hit the U.S. government, especially in the last year.

“The threat posed by criminals and foreign governments impersonating U.S. government agencies is real,” Wyden wrote. “For example, in May, news reports revealed an active phishing campaign in which hackers were sending emails purporting to come from the Defense Security Service. Likewise, in 2016, the Internal Revenue Service reported a 400 percent increase in attempts by criminals to impersonate the agency through phishing.”