Leading the Federal Government in Webmail Security

VA knows that bad actors are always looking for ways to exploit system vulnerabilities and steal Veteran data. Some scammers even impersonate federal agencies to steal an individual’s personal information and credentials. A Veteran could, for example, open a phishing email purporting to be from a VA pharmacy and respond with personal and financial information, thinking they will receive medication. Meanwhile, a bad actor is collecting personal information and payments from the Veteran, all under the guise of a legitimate email from VA.

Safeguarding information a priority for federal agencies

The Department of Homeland Security (DHS) recognized this weakness and in 2017 issued Binding Operational Directive 18-01, “Enhanced Email and Web Security,” a compulsory direction to federal executive branch departments and agencies, mandating that all federal domains implement specific security standards to prevent domain name spoofing and to secure email communication.

As of October 2018, VA has successfully implemented these changes, ahead of DHS’ deadline, making it much more difficult for scammers to fake official VA email addresses. Thanks to the leadership of the VA Cybersecurity Operations Center and IT Operations and Services’ Security Engineering team, Veterans can trust that VA is working aggressively to ensure that email Veterans receive from va.gov email addresses is actually from VA.

“Email from malicious senders who try to impersonate VA is less likely to make it to the Veteran's inbox. As a result, Veterans can feel more confident that email coming from an official VA email account is legitimate,” remarked Kevin Robins, Director of VA’s Cybersecurity Operations Center, “and this team worked tirelessly with our agency partners to make that happen for our Veterans.”

Setting the standard by protecting Veteran data

Not only was VA the first federal agency to achieve 100 percent compliance with the directive, DHS also asked VA to provide a brief and guidance on best practices for web and email security. VA is proud to set the standard for other agencies while staying at the forefront of protecting Veteran information from cyber threats.

Safeguarding Veteran data is an integral part of providing Veterans world-class customer service. We fiercely protect the personal data of our Veterans, just as they have protected us.

phishing - the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Content last updated or reviewed on January 3, 2019