We can all agree that privacy in the government is of great importance and if there are issues, they need to be addressed immediately. According to a report from security firm Global Cyber Alliance (GCA), it appears that more than 95 percent of the email domains managed by the Executive Office of the President (EOP), including WhiteHouse.gov. These are all vulnerable to phishing attack due to lax security protocol.
The report says that the best defense against email phishing and spoofing is called the Domain Message Authentication Reporting & Conformance (DMARC), and only one of the domains from the EOP (Max.gov) has fully implemented this system. Sever domains have implemented DMARC at the lower set level, but does not prevent delivery of email from spoofed addresses. The security firm also adds that it found 18 of the 26 domains haven’t even started deploying the DMARC system yet. What this means is that scammers can easily use official government email addresses to “steal money, trade secrets or even jeopardize national security.”
“Email domains managed by the EOP are crown jewels that criminals and foreign adversaries covet,” said GCA CEO Philip Reitinger in a statement. “The lack of full DMARC deployment across nearly every EOP email address poses a national security risk that must be fixed.”
Not all is bad though. Good news, according to Reitinger, is that four new email domains have at least implemented the lowest level of DMARC, meaning implementation of the security system might be moving forward. There still appears to be much more progress to be made, but at least some progress is occurring.