The controversy over the management of email systems by former Secretary of State Hillary Clinton has been in the spotlight since March. More recently, in October, the CIA director acknowledged that his personal email had been hacked.

Both situations highlight the continuing vulnerability of email, whether personal or professional.

That's why the National Institute of Standards and Technology has launched an initiative to help both public and private organizations improve email security. A key element of NIST's initiative is to engage the private sector for assistance.

In the Internet's early days, researchers were more interested in sharing information than securing it. Today, securing email, the most widely used medium for business communication, is a full-time job for many researchers and IT specialists, NIST said.

Public -Private Cooperation

One component of that effort is to offer businesses the opportunity to partner with NIST and the National Cybersecurity Center of Excellence in a Cooperative Research and Development Agreement, or CRADA, to improve email security through a domain name system platform.

Most server-based email security mechanisms are vulnerable to attacks on the integrity of the cryptographic implementations they depend on, NIST said.

A current DNS-based protocol is designed to securely associate domain names with cryptographic certificates and related security information so that they can't be modified or replaced fraudulently to breach the security of Internet exchanges, the agency noted.

Despite the dangers of failing to authenticate the identities of network devices, adoption and deployment of the protocol has been slow, NIST said.

http://www.technewsworld.com/story/82692.html