Sen. Ron Wyden, D-Ore., has asked the Department of Homeland Security to provide an update on the implementation of a cybersecurity measure that would prevent attackers from impersonating federal agencies through email.
Wyden, in an Aug. 2 letter addressed to DHS National Protection and Program Directorate Undersecretary Christopher Krebs, inquired about agencies that have not yet enabled the automatic sending of Domain-based Message Authentication, Reporting and Conformance reports to Homeland Security.
DMARC is a cybersecurity technology that helps verify the authenticity of an email, and features reporting and blocking mechanisms for messages that fail the authentication process.
Binding Operational Directive 18-01, which the DHS issued in October last year following Wyden’s recommendation, gave federal agencies up to January 14 this year to implement the automatic reporting system.
Wyden pointed out, however, that reporting “is only the first step” and wanted to know what measures the DHS has taken to collect and analyze the data.
The senator also asked whether the DHS has already produced actionable cyber intelligence based on the reports.
The DHS has until the end of the month to reply.