DMARC Enters Australian Government Domain

Image: Asha Barbaschow / ZDNet

Domain-based message authentication, reporting, and conformance (DMARC) are emails used by users who perform phishing campaigns and business email scams by verifying that incoming emails are actually from the server. It’s one of the easiest and easiest ways to prevent spoofing. It claims to be so.

As of the end of 2018, only 5.5% of Australian Government domains have DMARC implemented, which will change.

The appearance of the Labor Senator asking all Australian government agencies about the implementation of DMARC gives us some idea of ​​how much progress we have made.

The most important response to date is that of the Parliamentary Services Authority (DPS), which provides IT services to many other institutions.

Regarding whether DMARC was “fully implemented”, he said the DPS wasn’t complete yet, but the job was money.

“The implementation of DMARC is funded as part of the DPS capital budget for 2020-21,” the agency said.

Other agencies are more positive, saying that ASC, formerly known as the Australian Submarine Authority, has reached the stage of respecting other DMARC records but has not yet released its own DMARC DNS records.

Similarly, the Governor’s Secretary-General said the domain was in notification mode, thanks to a recent assessment by the Australian Cyber ​​Security Center (ACSC), and the actual implementation was by “Office’s Government-Wide Secure Internet Gateway.” I said there is. Provider “.

“Office will act on the advice of ACSC as part of its participation in the Cyber ​​Uplift Program for Federal Systems. ACSC recommends that this is an effective mitigation against phishing email threats. I am. ”

Another set of agencies, such as the National Australia Day Council, hastened to answer questions related to DMARC.

“In response to these notification questions, publicly reporting individual agencies’ compliance with Essential 8 / Top 4 or specific cyber mitigation measures provides a snapshot of the federal government’s overall cybersecurity maturity. As a result, vulnerabilities that can be exploited by malicious attackers increase the risk of government cyber incidents. ”

A brief check shows that the council has DMARC turned on.

Government agencies said Australia was under attack by state-based officials after a press conference by Prime Minister Scott Morrison in June, saying that answering 16 questions on this topic would increase vulnerabilities. After that, I avoided much more about what steps I took. map.

The Director of National Intelligence (ONI), usually one of the more secretive agencies, provided details on the response.

“Major ONIIT systems have been certified to meet the PSPF and ISM policy requirements of sensitive information systems. In addition, these IT systems have a high level of maturity for Essential 8 security management at the Australian Cyber ​​Security Center (ACSC). I am satisfied with. ”

“Following the ACSC threat reporting of the aforementioned cyberattacks against government systems, ONI conducted a qualitative compliance assessment of Essential 8 security controls following the ACSC Cyber ​​Uplift Initiative.

“ONI’s information technology security details are a national security issue and cannot be provided in non-confidential forums.”

ONI reused the last paragraph to avoid answering if there is a DMARC record.

Last week, the Parliamentary Services Department dragged Parlview tools into the modern era and finally stopped using Flash.

DPS told ZDNet that the new version reduces playback latency between HTML5 real-time streams and Parlview, has additional screen captions, and provides a more accurate search.

Never miss the antique of Sayonara Flash Parlview, playback reset and browser crash.

Related coverage

DMARC Enters Australian Government Domain

Source link DMARC Enters Australian Government Domain

Back to top button