MeriTalk News Briefs: A Double Dose of DMARC, Letters and Bills Galore

Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.

Report Says More Than Half of Federal Domains Now Have DMARC Active Enforcement

A report released today by email security company Agari found that 52 percent, or 593 of 1,144 Federal agency domains, have implemented full enforcement of the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol. Agari said that more than half of Federal domains had implemented “p=reject” policies, well ahead of an October 16, 2018 deadline to do so under Department of Homeland Security (DHS) binding operational directive (BOD) 18-01. The DMARC protocol authenticates an email’s sender to prevent phishing and spoofing, but many Federal domains had been lagging in enforcement. Research from Valimail from June said that active enforcement was at 31 percent at the time. Agari’s research found that 81 percent of Federal domains had completed the initial deployment of DMARC, which is lower than an 87 percent figure provided by DHS on July 18.

DoD Looking to Follow DHS Lead on DMARC Enforcement

It appears the Defense Department (DoD) is also falling into formation with civilian agencies’ move to DMARC enforcement. DoD CIO Dana Deasy, in a July 20 letter to Sen. Ron Wyden, D-Ore., said that DoD will release a Joint Force Headquarters-DoD Information Network Task Order by August 17 in order to implement DMARC and other cybersecurity measures contained in DHS BOD 18-01, under DoD authorities. The task order will provide DoD’s plan for implementing the BOD’s measures “with a target completion date of December 31, 2018.” Wyden had sent a letter to Deasy on May 22 inquiring about the cybersecurity of DoD’s public-facing websites and services, and Deasy responded saying DoD has been working on web and email security for several years, with policy adjustment to implement capabilities occurring in the last two to three years. “DoD will monitor the Task Order implementation to ensure DoD public-facing websites and services remain secure,” Deasy said.

Cantwell, Graham Urge Greater Cyber Protections for Energy Networks

Sens. Maria Cantwell, D-Wash., and Lindsey Graham, R-S.C., urged President Trump in a July 25 letter to take “stronger actions prioritizing cybersecurity of energy networks” and fighting “cyber aggression,” following a report earlier this month in the Wall Street Journal that hackers working for Russia were able to penetrate the control rooms of U.S. energy facilities.  The senators asked for a “thorough written analysis” within 90 days about “the scope of Russian capabilities to use cyber-warfare to threaten our energy infrastructure,” the “extent to which the Russians have already attempted cyber-intrusions into our electric grid, pipelines, and other important energy facilities,” and what steps the Trump administration is taking to combat those Russian cyber threats.

Telework Bill Aims to Thwart ‘Indiscriminate’ Administration Policies

Reps. Gerry Connolly, D-Va., and John Sarbanes, D-Md., today introduced the Telework Metrics and Cost Savings Act, which the congressmen said would “prohibit the kind of indiscriminate anti-telework policies the Trump Administration has announced for the Department of Education and the U.S. Department of Agriculture.”  Earlier this year, the Agriculture Department announced plans to cut back on allowable teleworking by its employees, and a recently enacted collective bargaining agreement at the Education Department has no provision for telework, according to reports.  Reps. Connolly and Sarbanes said their bill would establish uniform guidance for assessing cost savings achieved by telework and require agencies to report telework cost savings.

House, Senate Bills Call For Study of Tech, AI Impact on Kids

New bills introduced today in the House and Senate would authorize the National Institutes of Health (NIH) to conduct research into the impact of a wide range of technology and media on the cognitive, physical, and socio-emotional development of children.  The research would include the impact of media including mobile devices, computers, social media, apps, websites, television, movies, artificial intelligence, video games, and virtual and augmented reality.  The measure calls for $15 million of research funding in fiscal years 2019-21, and $25 million in fiscal years 2022 and 2023.  Sponsors in the Senate include Sens. Edward Markey, D-Mass., and Ben Sasse, R-Neb., and in the House Reps. John Delaney, D-Md., and Ted Budd, R-N.C.

Recent