Government Digital Service trials e-mail ‘assurance’ tool

Written by Jim Dunton on 24 February 2016 in News
News

A new tool has been developed to give public-sector workers more confidence that the e-mails they send and receive are secure

A new assurance tool developed to give public-sector staff confidence that their e-mail communications are secure is being rolled out to a pool of testers this week, a Government Digital Service leader has said.

It will monitor the way e-mail communications are sent, with particular reference to the Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols. 

Nick Woodcraft, applications product manager with the GDS’s common technology services products team, said the assurance tool was part of a three-area focus on e-mail security that coincided with the shift to cloud-based e-mail services.


Related content

Government Digital Service calls in "hackers" to test its platform
Using lessons from Government Digital Service to the Greater London Authority


In a blog post this week, Woodcraft said the GDS was telling government organisations to use policy to ensure TLS was used in any e-mail exchanges over the internet including, as far as possible, when talking to people outside government. But he added that system users also needed assurance that security measures were in place. 

“When you send or receive an e-mail you don’t get any indication of how it was sent, and the people looking after the servers get limited information,” he said. 

“Although TLS and DMARC are widely supported open protocols, the nature of the Simple Mail Transfer Protocol on which e-mail is built makes it difficult to get assurance about their implementation.

“To provide this we are building a tool to monitor TLS and DMARC use across government, providing a way to check if a service is secure. It will give you a dashboard of the domains in your organisation, a way to check whether an e-mail sent between two domains should be secure, and a whitelist of domains that are set up securely.”

Woodcraft said the tool had already undergone some user testing and was being made available to a “limited number” of people this week before a full launch.

Last week the Cabinet Office published new guidance for anyone setting up e-mail services for government organisations. 
 

Share this page

Tags

Categories

Add new comment

Related Articles

Number of civil servants in digital, data, and tech roles continues to rise
21 July 2017

While the civil service has shrunk dramatically, its volume and proportion of IT and digital professionals have gone up and up, ONS data reveals

No going back on shift away from big IT vendors, says former No. 10 policy guru
3 July 2017

Taking a punt on a start-up is better than explaining costly failures to the Public Accounts Committee, according to Daniel Korski

Related Sponsored Articles

Defence in a digital and disruptive era: innovation in IT
8 June 2017

BT looks at turning points within the UK defence sector, the evolving nature of warfare and how new cyber-attacks pose new questions for our national defence