|
Department of Homeland Security Selects Online
Trust Alliance to Provide Training to Government Employees
OTA to
Share Expert Intelligence and Best Practices to Protect Agencies and
Citizens from Targeted Email Attacks
Washington DC – November 16, 2011 -- The
Online Trust Alliance (OTA) today
announced it has been awarded a contract to offer training on email
authentication for all U.S government agencies and organizations. This
effort is a critical part of the front line of defense against cyber threats
as outlined by President Obama and Cybersecurity coordinator Howard
Schmidt. Once deployed, email authentication helps to increase the
resiliency of the United States’ infrastructure, including the ability to
detect and block malicious email threats.
OTA has created a curriculum that is being delivered
through the CERT Program at the Carnegie Mellon University Software
Engineering Institute (SEI) to the Department of Homeland Security (DHS) for
online delivery to federal employees. Email authentication is a key
defensive cybersecurity tool for the public and private sector to aid in the
detection of malicious and deceptive email. This initiative reflects DHS’s
commitment to accelerating best practices in cyber-security and supporting
the National Strategy for Trusted Identities in Cyberspace (NSTIC), and will
allow federal employees to better protect agencies, employees and U.S.
citizens.
“Email authentication is the front line defense for the
escalating levels of spear phishing targeting government agencies and
businesses which is undermining the trust and confidence of online
services,” said Craig Spiezle, executive director and president, Online
Trust Alliance. “This program, supported by the White House, will help stem
the tide of malicious and deceptive email. This is a great example of the
public and private sector working together to help increase end-to-end trust
of our nation’s critical infrastructure.”
Such threats as spear-phishing target business
executives, senior level officials and political figures by forging a known
and trusted sender’s email address in order to get the recipient to open the
malicious email and install malware. Once deployed, the cybercriminals
attempt to compromise systems with multiple forms of malware including
zero-day exploits, to gain credentials giving them access to proprietary and
sensitive data or the ability to monitor user’s online activities.
Email
Authentication emerged in 2003 from several industry efforts seeking to
address the rising tide of spam and forged email. Using either email
authentication technology that resulted, DomainKeys Identified Mail (DKIM)
or Sender Policy Framework (SPF), or both, is recognized as an online
security best practice by the Federal Trade Commission, Federal
Communications Commission, Department of Homeland Security, U.S. Postal
Inspection Service, U.S. Senate, and leading industry trade organizations.
Both SPF and DKIM provide ways for email senders to take responsibility for
the email they send, and for receivers to validate that the purported sender
is valid and not forged. Based on research released by OTA in October 2011,
adoption by leading Federal agencies has increased to 40% - up from 32% from
April 2010.[1]
This training is being delivered by industry experts from
OTA staff and member companies including AG Interactive, Agari and Return
Path. These companies and their employees have completed rigorous
certification testing and real-world deployments working with leading ISPs,
businesses and government agencies.
[1]
https://otalliance.org/news/releases/EmailAuthTPoint.html.
About The Online Trust Alliance
(OTA)
OTA’s mission is to develop
and advocate best practices, training and public policy which mitigate
emerging privacy, identity and security threats to online services, brands,
government, organizations and consumers. OTA's goal is to increase consumer
protection, transparency and control of their data and online activities,
thereby enhancing online trust and confidence and the long-term vitality and
innovation of Internet-based services. For more information about OTA,
please visit: https://otalliance.org.
For media inquiries contact:
| 