Federal Agencies Tap Online Trust Alliance for Training

Thursday, November 17, 2011



The Online Trust Alliance (OTA) announced it has been awarded a contract to offer training on email authentication for all U.S government agencies and organizations.

This effort is a critical part of the front line of defense against cyber threats as outlined by President Obama and Cybersecurity coordinator Howard Schmidt. 

Once deployed, email authentication helps to increase the resiliency of the United States’ infrastructure, including the ability to detect and block malicious email threats.

OTA has created a curriculum that is being delivered through the CERT Program at the Carnegie Mellon University Software Engineering Institute (SEI) to the Department of Homeland Security (DHS) for online delivery to federal employees.

Email authentication is a key defensive cybersecurity tool for the public and private sector to aid in the detection of malicious and deceptive email. This initiative reflects DHS’s commitment to accelerating best practices in cyber-security and supporting the National Strategy for Trusted Identities in Cyberspace (NSTIC), and will allow federal employees to better protect agencies, employees and U.S. citizens.

“Email authentication is the front line defense for the escalating levels of spear phishing targeting government agencies and businesses which is undermining the trust and confidence of online services,” said Craig Spiezle, executive director and president, Online Trust Alliance.

“This program, supported by the White House, will help stem the tide of malicious and deceptive email. This is a great example of the public and private sector working together to help increase end-to-end trust of our nation’s critical infrastructure.”

Such threats as spear-phishing target business executives, senior level officials and political figures by forging a known and trusted sender’s email address in order to get the recipient to open the malicious email and install malware. 

Once deployed, the cybercriminals attempt to compromise systems with multiple forms of malware including zero-day exploits, to gain credentials giving them access to proprietary and sensitive data or the ability to monitor user’s online activities.

Email Authentication emerged in 2003 from several industry efforts seeking to address the rising tide of spam and forged email. Using either email authentication technology that resulted, DomainKeys Identified Mail (DKIM) or Sender Policy Framework (SPF), or both, is recognized as an online security best practice by the Federal Trade Commission, Federal Communications Commission, Department of Homeland Security, U.S. Postal Inspection Service, U.S. Senate, and leading industry trade organizations.

Both SPF and DKIM provide ways for email senders to take responsibility for the email they send, and for receivers to validate that the purported sender is valid and not forged. Based on research released by OTA in October 2011, adoption by leading Federal agencies has increased to 40% - up from 32% from April 2010.[1]  

This training is being delivered by industry experts from OTA staff and member companies including AG Interactive, Agari and Return Path.  These companies and their employees have completed rigorous certification testing and real-world deployments working with leading ISPs, businesses and government agencies.

About The Online Trust Alliance: OTA’s mission is to develop and advocate best practices, training and public policy which mitigate emerging privacy, identity and security threats to online services, brands, government, organizations and consumers. OTA's goal is to increase consumer protection, transparency and control of their data and online activities, thereby enhancing online trust and confidence and the long-term vitality and innovation of Internet-based services. For more information about OTA, please visit: https://otalliance.org.

Source:  https://otalliance.org/news/releases/2011DHS.html

Possibly Related Articles:
Security Training
Email Authentication malware Government Training Headlines spear-phishing NSTIC OTA Online Trust Alliance
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.