Jan 12 2022

CISA Considers Plan to Enhance Security for Federal Civilian Email Systems

The Cybersecurity and Infrastructure Security Agency is seeking technology to improve threat hunting and incident response for federal email

With many federal employees continuing to work remotely, phishing attacks remain a key cybersecurity threat. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency wants to boost its ability to secure federal email systems from phishing and other cyberattacks.

Late last year, CISA, via the General Services Administration, issued a request for information on how it can better protect federal civilian .gov domains from cybersecurity threats. As part of that, CISA says it is exploring a protective email service, or PES, to protect federal email traffic and to conduct threat hunting and incident response. The PES would cover about 100 agencies and roughly 4 million users.

In 2017, DHS required agencies to adopt an email protection protocol called Domain-based Message Authentication, Reporting and Conformance. An industry standard, DMARC is an email authentication policy and reporting protocol that’s designed to prevent email spoofing — when malicious actors make it appear that an email is coming from someone else — which is the foundation of phishing.

In early 2018, DHS officials said they were encouraged by the adoption of DMARC in the federal government. According to a 2021 report, 78 percent of all federal domains had published a DMARC record, and 74 percent of those had an enforcement policy to protect them from spoofing.

Recently, as Nextgov reports, “Congress has been trying to boost funding for CISA to exercise new powers that allow it to scour the entire civilian federal government for threats under the 2021 National Defense Authorization Act.”

CISA Wants a More Robust Email Security Approach

CISA outlined its vision for what the PES should look like. It should be cloud-based “and accessible to authorized entities via a management console and application program interfaces,” according to the RFI.

The goal of the system would be to normalize and provide baseline security and visibility for federal civilian agencies’ email and to protect those systems from malicious email content.

Additionally, CISA wants PES to “detect and prevent the federal enterprise email from being used as a vector for malicious threat actors against itself and non-federal entities.”

PES should “provide appropriate visibility into agency email traffic to enable CISA Global Operators to conduct cyber hunt and incident response.” The system should also leverage CISA and other agencies’ data holdings “in cyber hunt, prevention, mitigation and incident response activities.”

The system should provide CISA with forensic reports about email security, according to the RFI, including reports on daily, weekly or monthly threat trends. CISA also wants the ability to generate reports on trends specific to threat campaigns or departments or agencies, and the ability to identify threats based on behavioral intelligence. PES would also need to provide threat intelligence and information on specific malicious threat campaigns.

According to the RFI, CISA will have some level of authority over agency email networks. “Agency email service operators and administrators will continue to perform their operational mission,” the RFI states. “They will have access to their agency PES data and additional policy settings but will not be able to override CISA globally provisioned policies.”
