Federal Agencies Ordered to Adopt Basic Email Security Measures After Years of Doing Nothing
The Trump administration is now pushing federal agencies to adopt basic security protocols designed to protect government emails against spoofing and
on Monday that a senior
STARTTLS is a basic encryption protocol designed to prevent the interception of
While the US intelligence community has already widely adopted such measures (which only happened after significant prodding), the fact that most government agencies have not has long been a point of admonition among security experts. The agency responsible for managing the Pentagon's email systems announced just this summer that it intended to adopt STARTTLS, which has been around for about 15 years.
But civilian agencies (such as the Departments of Education, Commerce, and Energy) had yet to make such an announcement. As the leading civilian cybersecurity authority, Homeland Security is charged with ensuring that federal agencies adhere to best security practices, and it is authorized to issue binding directives enforcing the new policies.
According to Reuters, the order to begin implementing STARTTLS and DMARC is expected to come down later today.
While the Trump administration will be widely praised for the decision, which comes on the heels of President Donald Trump declaring October to be "Cybersecurity Awareness Month," Senator Ron Wyden, Democrat of Oregon, deserves much of the credit.
to DHS to push for DMARC adoption in July. Prior to that, he had publicly questioned the Department of Defense over why STARTTLS was not in use; the decision to adopt it followed shortly thereafter.
"I've been pushing federal agencies to take cybersecurity seriously, and today's new policy is a good, basic step," Wyden said in a statement. "STARTTLS encryption and anti-phishing technologies like DMARC are two cheap, effective ways to secure email from being intercepted or impersonated by bad guys."
Added Wyden: "It's my hope that other government agencies recognize the clear security benefits of strong encryption, and that private sector companies move quickly to upgrade their own email security."
[ Reuters ]