NEW YORK, October 16, 2017 – The Global Cyber Alliance today applauded the U.S. Department of Homeland Security’s issuance of a Binding Operational Directive (BOD) focused on bolstering email and web site security for all federal agencies that operate .gov email and website domains.
At a cybersecurity roundtable hosted by the Global Cyber Alliance, Jeanette Manfra, Assistant Secretary for the Office of Cybersecurity and Communications, announced that, within the next 90 days, all federal agencies will be required to:
- Deploy the email security protocol DMARC (Domain-based Message Authentication, Reporting & Conformance) to prevent spammers and phishers from using federal agency email domains to conduct cyber attacks.
Within the next 120 days, all federal agencies will also be required to:
- Employ HTTPS (Hypertext Transfer Protocol Secure) for all websites to provide more secure connections between citizens and government agencies; and
- Use other protocols along with HTTPS to help ensure that communications with the federal government are secure.
“It is critical that U.S. citizens can trust their online engagements with all levels of the federal government,” Assistant Secretary Manfra said. “Today, we are calling on all federal agencies to deploy a toolkit of advanced cybersecurity technologies that will enable them to better fulfill our ultimate mission – serving and protecting the American public.”
“A single spoofed email can compromise the security of an entire organization, and a breach at one organization can sometimes leave an entire industry open to similar attacks and vulnerable to fraud. Working with our partners, my office is committed to reducing cyber risks worldwide, and I encourage others in both the public and private sector to take precautions against malicious activity by implementing tools like DMARC,” said Manhattan District Attorney Cyrus R. Vance, Jr..
DMARC is supported by 85 percent of consumer email inboxes in the United States (including Gmail, Yahoo, Microsoft, etc.) and more than 4.8 billion email inboxes worldwide. However, DMARC adoption rates among enterprises and government remains low.
“DMARC doesn’t protect email, it protects people,” said Phil Reitinger, President and CEO of the Global Cyber Alliance. “Once federal agencies fully deploy DMARC, citizens cannot be phished by a criminal posing as a government employee. The federal government is stepping up and setting an example that the private sector should follow. If the U.S. government can deploy DMARC across more than 1,300 domains, then we should expect the same of the companies on which we depend.”
For more details on DMARC, please visit: https://dmarc.globalcyberalliance.org/dmarc-media-kit.html
About the Global Cyber Alliance
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks.
GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at globalcyberalliance.org.