How do US government agencies open their email attachments?











up vote
53
down vote

favorite
10












I suppose the FBI receives email with attachments, like any other government agency: documents, resumes/CVs, etc. I also suppose they are very careful not to get infected, more than the average user, for obvious reasons. If I were to send an email to the FBI, attaching maybe a PDF with my resume/CV, how are they going to open it?



So I wonder if US government agencies are known to use particular procedures or follow particular standards for dealing with emails safely. I also suppose what I'm asking is not secret information, given the large number of people involved (all the people who work in or for the government are expected to deal with emails safely).










share|improve this question




















  • 2




    @schroeder, I added "US" to make it more specific, but info about other countries is also welcome if anybody has anything to say. Info on other highly secure environments is also ok as long as it's specified what environment it is (what kind of company? What purpose? Etc.) There are already several questions on how to open attachments safely here on SE, but it's just generic advice targeted at advanced users. Here I'd like to focus on known existing practices actually in use in supposedly secure environments (like government agencies)
    – reed
    Nov 25 at 23:09






  • 1




    Each agency is likely different. I know how the US Treasury and SSA handle it because I used to contract at both agencies. Both were slightly different and Treasury took greater precautions.
    – jww
    Nov 26 at 11:11






  • 1




    Some generic recommendations from NIST (not specifically about attachments, but about e-mail in general) available here: csrc.nist.gov/publications/detail/sp/800-45/version-2/final
    – jcaron
    Nov 26 at 12:52






  • 1




    Encrypted emails are signed with physical 2fa keys. Things too big for email are sent via intranet server (basically our own version of dropbox) that also requires 2fa to sign in. (NASA) Other comments about email filtering and scanning are also correct.
    – Aaron
    Nov 26 at 19:27






  • 1




    While not an answer, I can confirm that the US NAVY uses a separate site called AMRDEC SAFE: Safe Access File Exchange. The FBI has their jobs site where you enter your resume details as plain text. I've used both. Can't speak for other branches.
    – code_dredd
    Nov 27 at 8:33

















up vote
53
down vote

favorite
10












I suppose the FBI receives email with attachments, like any other government agency: documents, resumes/CVs, etc. I also suppose they are very careful not to get infected, more than the average user, for obvious reasons. If I were to send an email to the FBI, attaching maybe a PDF with my resume/CV, how are they going to open it?



So I wonder if US government agencies are known to use particular procedures or follow particular standards for dealing with emails safely. I also suppose what I'm asking is not secret information, given the large number of people involved (all the people who work in or for the government are expected to deal with emails safely).










share|improve this question




















  • 2




    @schroeder, I added "US" to make it more specific, but info about other countries is also welcome if anybody has anything to say. Info on other highly secure environments is also ok as long as it's specified what environment it is (what kind of company? What purpose? Etc.) There are already several questions on how to open attachments safely here on SE, but it's just generic advice targeted at advanced users. Here I'd like to focus on known existing practices actually in use in supposedly secure environments (like government agencies)
    – reed
    Nov 25 at 23:09






  • 1




    Each agency is likely different. I know how the US Treasury and SSA handle it because I used to contract at both agencies. Both were slightly different and Treasury took greater precautions.
    – jww
    Nov 26 at 11:11






  • 1




    Some generic recommendations from NIST (not specifically about attachments, but about e-mail in general) available here: csrc.nist.gov/publications/detail/sp/800-45/version-2/final
    – jcaron
    Nov 26 at 12:52






  • 1




    Encrypted emails are signed with physical 2fa keys. Things too big for email are sent via intranet server (basically our own version of dropbox) that also requires 2fa to sign in. (NASA) Other comments about email filtering and scanning are also correct.
    – Aaron
    Nov 26 at 19:27






  • 1




    While not an answer, I can confirm that the US NAVY uses a separate site called AMRDEC SAFE: Safe Access File Exchange. The FBI has their jobs site where you enter your resume details as plain text. I've used both. Can't speak for other branches.
    – code_dredd
    Nov 27 at 8:33















up vote
53
down vote

favorite
10









up vote
53
down vote

favorite
10






10





I suppose the FBI receives email with attachments, like any other government agency: documents, resumes/CVs, etc. I also suppose they are very careful not to get infected, more than the average user, for obvious reasons. If I were to send an email to the FBI, attaching maybe a PDF with my resume/CV, how are they going to open it?



So I wonder if US government agencies are known to use particular procedures or follow particular standards for dealing with emails safely. I also suppose what I'm asking is not secret information, given the large number of people involved (all the people who work in or for the government are expected to deal with emails safely).










share|improve this question















I suppose the FBI receives email with attachments, like any other government agency: documents, resumes/CVs, etc. I also suppose they are very careful not to get infected, more than the average user, for obvious reasons. If I were to send an email to the FBI, attaching maybe a PDF with my resume/CV, how are they going to open it?



So I wonder if US government agencies are known to use particular procedures or follow particular standards for dealing with emails safely. I also suppose what I'm asking is not secret information, given the large number of people involved (all the people who work in or for the government are expected to deal with emails safely).







email government email-attachments






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 25 at 22:58

























asked Nov 25 at 22:49









reed

2,0971519




2,0971519








  • 2




    @schroeder, I added "US" to make it more specific, but info about other countries is also welcome if anybody has anything to say. Info on other highly secure environments is also ok as long as it's specified what environment it is (what kind of company? What purpose? Etc.) There are already several questions on how to open attachments safely here on SE, but it's just generic advice targeted at advanced users. Here I'd like to focus on known existing practices actually in use in supposedly secure environments (like government agencies)
    – reed
    Nov 25 at 23:09






  • 1




    Each agency is likely different. I know how the US Treasury and SSA handle it because I used to contract at both agencies. Both were slightly different and Treasury took greater precautions.
    – jww
    Nov 26 at 11:11






  • 1




    Some generic recommendations from NIST (not specifically about attachments, but about e-mail in general) available here: csrc.nist.gov/publications/detail/sp/800-45/version-2/final
    – jcaron
    Nov 26 at 12:52






  • 1




    Encrypted emails are signed with physical 2fa keys. Things too big for email are sent via intranet server (basically our own version of dropbox) that also requires 2fa to sign in. (NASA) Other comments about email filtering and scanning are also correct.
    – Aaron
    Nov 26 at 19:27






  • 1




    While not an answer, I can confirm that the US NAVY uses a separate site called AMRDEC SAFE: Safe Access File Exchange. The FBI has their jobs site where you enter your resume details as plain text. I've used both. Can't speak for other branches.
    – code_dredd
    Nov 27 at 8:33
















  • 2




    @schroeder, I added "US" to make it more specific, but info about other countries is also welcome if anybody has anything to say. Info on other highly secure environments is also ok as long as it's specified what environment it is (what kind of company? What purpose? Etc.) There are already several questions on how to open attachments safely here on SE, but it's just generic advice targeted at advanced users. Here I'd like to focus on known existing practices actually in use in supposedly secure environments (like government agencies)
    – reed
    Nov 25 at 23:09






  • 1




    Each agency is likely different. I know how the US Treasury and SSA handle it because I used to contract at both agencies. Both were slightly different and Treasury took greater precautions.
    – jww
    Nov 26 at 11:11






  • 1




    Some generic recommendations from NIST (not specifically about attachments, but about e-mail in general) available here: csrc.nist.gov/publications/detail/sp/800-45/version-2/final
    – jcaron
    Nov 26 at 12:52






  • 1




    Encrypted emails are signed with physical 2fa keys. Things too big for email are sent via intranet server (basically our own version of dropbox) that also requires 2fa to sign in. (NASA) Other comments about email filtering and scanning are also correct.
    – Aaron
    Nov 26 at 19:27






  • 1




    While not an answer, I can confirm that the US NAVY uses a separate site called AMRDEC SAFE: Safe Access File Exchange. The FBI has their jobs site where you enter your resume details as plain text. I've used both. Can't speak for other branches.
    – code_dredd
    Nov 27 at 8:33










2




2




@schroeder, I added "US" to make it more specific, but info about other countries is also welcome if anybody has anything to say. Info on other highly secure environments is also ok as long as it's specified what environment it is (what kind of company? What purpose? Etc.) There are already several questions on how to open attachments safely here on SE, but it's just generic advice targeted at advanced users. Here I'd like to focus on known existing practices actually in use in supposedly secure environments (like government agencies)
– reed
Nov 25 at 23:09




@schroeder, I added "US" to make it more specific, but info about other countries is also welcome if anybody has anything to say. Info on other highly secure environments is also ok as long as it's specified what environment it is (what kind of company? What purpose? Etc.) There are already several questions on how to open attachments safely here on SE, but it's just generic advice targeted at advanced users. Here I'd like to focus on known existing practices actually in use in supposedly secure environments (like government agencies)
– reed
Nov 25 at 23:09




1




1




Each agency is likely different. I know how the US Treasury and SSA handle it because I used to contract at both agencies. Both were slightly different and Treasury took greater precautions.
– jww
Nov 26 at 11:11




Each agency is likely different. I know how the US Treasury and SSA handle it because I used to contract at both agencies. Both were slightly different and Treasury took greater precautions.
– jww
Nov 26 at 11:11




1




1




Some generic recommendations from NIST (not specifically about attachments, but about e-mail in general) available here: csrc.nist.gov/publications/detail/sp/800-45/version-2/final
– jcaron
Nov 26 at 12:52




Some generic recommendations from NIST (not specifically about attachments, but about e-mail in general) available here: csrc.nist.gov/publications/detail/sp/800-45/version-2/final
– jcaron
Nov 26 at 12:52




1




1




Encrypted emails are signed with physical 2fa keys. Things too big for email are sent via intranet server (basically our own version of dropbox) that also requires 2fa to sign in. (NASA) Other comments about email filtering and scanning are also correct.
– Aaron
Nov 26 at 19:27




Encrypted emails are signed with physical 2fa keys. Things too big for email are sent via intranet server (basically our own version of dropbox) that also requires 2fa to sign in. (NASA) Other comments about email filtering and scanning are also correct.
– Aaron
Nov 26 at 19:27




1




1




While not an answer, I can confirm that the US NAVY uses a separate site called AMRDEC SAFE: Safe Access File Exchange. The FBI has their jobs site where you enter your resume details as plain text. I've used both. Can't speak for other branches.
– code_dredd
Nov 27 at 8:33






While not an answer, I can confirm that the US NAVY uses a separate site called AMRDEC SAFE: Safe Access File Exchange. The FBI has their jobs site where you enter your resume details as plain text. I've used both. Can't speak for other branches.
– code_dredd
Nov 27 at 8:33












2 Answers
2






active

oldest

votes

















up vote
46
down vote













While I cannot speak for every government agency everywhere, in highly secure environments, what I have seen [unable to disclose] is:




  • sandbox email attachments

  • no attachments but authorised, attributable file upload tools


In each instance, the attachment is inspected and run in an isolated sandbox. The recipient only interacts with the file through this abstraction.



Oftentimes, the content is extracted as text and reconstructed in a structured way, wherever that is possible.






share|improve this answer



















  • 4




    I've seen the same thing, plus e-mail content being actually re-written so that any link contained in them would not be the actual link, but something like internalserver://safeopen/link_in_the_email . It doesn't prevent bad stuff from happening of course (see forbes.com/sites/martijngrooten/2018/11/12/… ), but it helps mitigate.
    – ChatterOne
    Nov 26 at 11:24








  • 1




    While I do not use Qubes OS (mentioned by Snowden before), I do listen to their talks to learn what might be the state of the art in the free software world. One of the feature is to convert an untrusted PDF into a trusted one by turning everything into images...
    – Alex Vong
    Nov 26 at 17:40








  • 1




    ...(it's done inside a disposable VM, so even if the PDF somehow manage to exploit bugs in the conversion program, its effect is still contained within that VM). Another feature is to open PDF in a disposable VM. The talk said this is for example useful for journalists who need to deal with untrust documents often.
    – Alex Vong
    Nov 26 at 17:40








  • 4




    @ChatterOne Ironic that you link to Forbes for an article about viruses infecting people.
    – Nic Hartley
    Nov 26 at 17:49


















up vote
27
down vote













Segmentation is the key technique here.



You never work with sensitive data and external data at the same time. Depending on the sensitivity, you may use a different device that may be air gapped from the external world, but often just a device with mandatory VPN, or a different virtual machines, or SELinux context (hint: SELinux was developed by NSA). Even further employees that handle data from the public are different from employees that handle sensitive data, employees that handles hiring doesn't really need to have access to investigation data, for example and vice versa.



There is usually a procedure to transfer data between sensitive zones, with check and controls about what kind of data can be transferred under what conditions. This is often enforced through some form of MAC (mandatory access control).



Emails are often segmented as well. The mail server may automatically strip attachments from emails by people outside the agency's trusted environment, and they may be automatically tagged for work in untrusted context. You may have internal mailbox that's separate from public mailbox. There are often a form of content filtering in email server and/or client, through antivirus check and/or some form of document classification and protection system.



But most importantly though, security is mainly about human. Regular security drills, practice on detecting phishing, documented procedures, and classifying documents, all works to prevent attacks. Many security vulnerabilities depends on human factors. Software and tools can help prevent errors and make enforcement easier, but ultimately user training is the most important way to protect any system.





I wasn't able to find a publicly available document of email security practices for US government agency, but here's one for Australia. In particular, you may be interested in Page 182 Email Security and Page 190 Email Content Filtering. Other sections that may be of interest is Page 282 Data Transfer and Content Filtering.






share|improve this answer



















  • 1




    aggressive deleting of email attachments was a major headache when I was working for a defense contractor. Outside of one project where we had to sign/encrypt everything with CAC cards first (AFAIK we never had delivery problems with them), the unofficial SOP with attachments was to send 2 emails. One with the attachment and one saying a message with an attachment was sent so we could at least detect when stealth deletes occurred. When possible, upload to external sharepoint and send a link was often done as a bypass too; but SP was annoying enough that govt people often chose email pain.
    – Dan Neely
    Nov 26 at 21:18






  • 1




    @DanNeely That looks like it's more a policy implementation problem. When a mail server quarantined an attachment, it should've left a message describing that it did so, and where to retrieve the attachments and what procedures needed to sign off the release (e.g. attachment from external untrusted party may require to be opened in dedicated sandbox machine, or attachments containing suspected sensitive data need to fill release authorisation form). If the official SOP is causing people to have an unofficial SOP to effectively bypass the security system, that's a problem in the SOP too.
    – Lie Ryan
    Nov 26 at 21:52








  • 2




    Totally agree about it being a policy trainwreck (eg renameMe.piZAtoN), but one that I saw with multiple govt entities not just once. The worst was one whose email system eagerly deleted images but would let .doc and .ppt files through which meant to send a screenshot I had to package it in something far riskier than a simple .png/jpg It's possible that the move to a unified DoD email system (in progress when I left for commercial work) may have put someone sane in charge of the system; the degree of crazy involved is one of the reasons I'm glad to be out of govt related work.
    – Dan Neely
    Nov 26 at 22:28











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198392%2fhow-do-us-government-agencies-open-their-email-attachments%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
46
down vote













While I cannot speak for every government agency everywhere, in highly secure environments, what I have seen [unable to disclose] is:




  • sandbox email attachments

  • no attachments but authorised, attributable file upload tools


In each instance, the attachment is inspected and run in an isolated sandbox. The recipient only interacts with the file through this abstraction.



Oftentimes, the content is extracted as text and reconstructed in a structured way, wherever that is possible.






share|improve this answer



















  • 4




    I've seen the same thing, plus e-mail content being actually re-written so that any link contained in them would not be the actual link, but something like internalserver://safeopen/link_in_the_email . It doesn't prevent bad stuff from happening of course (see forbes.com/sites/martijngrooten/2018/11/12/… ), but it helps mitigate.
    – ChatterOne
    Nov 26 at 11:24








  • 1




    While I do not use Qubes OS (mentioned by Snowden before), I do listen to their talks to learn what might be the state of the art in the free software world. One of the feature is to convert an untrusted PDF into a trusted one by turning everything into images...
    – Alex Vong
    Nov 26 at 17:40








  • 1




    ...(it's done inside a disposable VM, so even if the PDF somehow manage to exploit bugs in the conversion program, its effect is still contained within that VM). Another feature is to open PDF in a disposable VM. The talk said this is for example useful for journalists who need to deal with untrust documents often.
    – Alex Vong
    Nov 26 at 17:40








  • 4




    @ChatterOne Ironic that you link to Forbes for an article about viruses infecting people.
    – Nic Hartley
    Nov 26 at 17:49















up vote
46
down vote













While I cannot speak for every government agency everywhere, in highly secure environments, what I have seen [unable to disclose] is:




  • sandbox email attachments

  • no attachments but authorised, attributable file upload tools


In each instance, the attachment is inspected and run in an isolated sandbox. The recipient only interacts with the file through this abstraction.



Oftentimes, the content is extracted as text and reconstructed in a structured way, wherever that is possible.






share|improve this answer



















  • 4




    I've seen the same thing, plus e-mail content being actually re-written so that any link contained in them would not be the actual link, but something like internalserver://safeopen/link_in_the_email . It doesn't prevent bad stuff from happening of course (see forbes.com/sites/martijngrooten/2018/11/12/… ), but it helps mitigate.
    – ChatterOne
    Nov 26 at 11:24








  • 1




    While I do not use Qubes OS (mentioned by Snowden before), I do listen to their talks to learn what might be the state of the art in the free software world. One of the feature is to convert an untrusted PDF into a trusted one by turning everything into images...
    – Alex Vong
    Nov 26 at 17:40








  • 1




    ...(it's done inside a disposable VM, so even if the PDF somehow manage to exploit bugs in the conversion program, its effect is still contained within that VM). Another feature is to open PDF in a disposable VM. The talk said this is for example useful for journalists who need to deal with untrust documents often.
    – Alex Vong
    Nov 26 at 17:40








  • 4




    @ChatterOne Ironic that you link to Forbes for an article about viruses infecting people.
    – Nic Hartley
    Nov 26 at 17:49













up vote
46
down vote










up vote
46
down vote









While I cannot speak for every government agency everywhere, in highly secure environments, what I have seen [unable to disclose] is:




  • sandbox email attachments

  • no attachments but authorised, attributable file upload tools


In each instance, the attachment is inspected and run in an isolated sandbox. The recipient only interacts with the file through this abstraction.



Oftentimes, the content is extracted as text and reconstructed in a structured way, wherever that is possible.






share|improve this answer














While I cannot speak for every government agency everywhere, in highly secure environments, what I have seen [unable to disclose] is:




  • sandbox email attachments

  • no attachments but authorised, attributable file upload tools


In each instance, the attachment is inspected and run in an isolated sandbox. The recipient only interacts with the file through this abstraction.



Oftentimes, the content is extracted as text and reconstructed in a structured way, wherever that is possible.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 25 at 23:10

























answered Nov 25 at 23:00









schroeder

72.7k29160194




72.7k29160194








  • 4




    I've seen the same thing, plus e-mail content being actually re-written so that any link contained in them would not be the actual link, but something like internalserver://safeopen/link_in_the_email . It doesn't prevent bad stuff from happening of course (see forbes.com/sites/martijngrooten/2018/11/12/… ), but it helps mitigate.
    – ChatterOne
    Nov 26 at 11:24








  • 1




    While I do not use Qubes OS (mentioned by Snowden before), I do listen to their talks to learn what might be the state of the art in the free software world. One of the feature is to convert an untrusted PDF into a trusted one by turning everything into images...
    – Alex Vong
    Nov 26 at 17:40








  • 1




    ...(it's done inside a disposable VM, so even if the PDF somehow manage to exploit bugs in the conversion program, its effect is still contained within that VM). Another feature is to open PDF in a disposable VM. The talk said this is for example useful for journalists who need to deal with untrust documents often.
    – Alex Vong
    Nov 26 at 17:40








  • 4




    @ChatterOne Ironic that you link to Forbes for an article about viruses infecting people.
    – Nic Hartley
    Nov 26 at 17:49














  • 4




    I've seen the same thing, plus e-mail content being actually re-written so that any link contained in them would not be the actual link, but something like internalserver://safeopen/link_in_the_email . It doesn't prevent bad stuff from happening of course (see forbes.com/sites/martijngrooten/2018/11/12/… ), but it helps mitigate.
    – ChatterOne
    Nov 26 at 11:24








  • 1




    While I do not use Qubes OS (mentioned by Snowden before), I do listen to their talks to learn what might be the state of the art in the free software world. One of the feature is to convert an untrusted PDF into a trusted one by turning everything into images...
    – Alex Vong
    Nov 26 at 17:40








  • 1




    ...(it's done inside a disposable VM, so even if the PDF somehow manage to exploit bugs in the conversion program, its effect is still contained within that VM). Another feature is to open PDF in a disposable VM. The talk said this is for example useful for journalists who need to deal with untrust documents often.
    – Alex Vong
    Nov 26 at 17:40








  • 4




    @ChatterOne Ironic that you link to Forbes for an article about viruses infecting people.
    – Nic Hartley
    Nov 26 at 17:49








4




4




I've seen the same thing, plus e-mail content being actually re-written so that any link contained in them would not be the actual link, but something like internalserver://safeopen/link_in_the_email . It doesn't prevent bad stuff from happening of course (see forbes.com/sites/martijngrooten/2018/11/12/… ), but it helps mitigate.
– ChatterOne
Nov 26 at 11:24






I've seen the same thing, plus e-mail content being actually re-written so that any link contained in them would not be the actual link, but something like internalserver://safeopen/link_in_the_email . It doesn't prevent bad stuff from happening of course (see forbes.com/sites/martijngrooten/2018/11/12/… ), but it helps mitigate.
– ChatterOne
Nov 26 at 11:24






1




1




While I do not use Qubes OS (mentioned by Snowden before), I do listen to their talks to learn what might be the state of the art in the free software world. One of the feature is to convert an untrusted PDF into a trusted one by turning everything into images...
– Alex Vong
Nov 26 at 17:40






While I do not use Qubes OS (mentioned by Snowden before), I do listen to their talks to learn what might be the state of the art in the free software world. One of the feature is to convert an untrusted PDF into a trusted one by turning everything into images...
– Alex Vong
Nov 26 at 17:40






1




1




...(it's done inside a disposable VM, so even if the PDF somehow manage to exploit bugs in the conversion program, its effect is still contained within that VM). Another feature is to open PDF in a disposable VM. The talk said this is for example useful for journalists who need to deal with untrust documents often.
– Alex Vong
Nov 26 at 17:40






...(it's done inside a disposable VM, so even if the PDF somehow manage to exploit bugs in the conversion program, its effect is still contained within that VM). Another feature is to open PDF in a disposable VM. The talk said this is for example useful for journalists who need to deal with untrust documents often.
– Alex Vong
Nov 26 at 17:40






4




4




@ChatterOne Ironic that you link to Forbes for an article about viruses infecting people.
– Nic Hartley
Nov 26 at 17:49




@ChatterOne Ironic that you link to Forbes for an article about viruses infecting people.
– Nic Hartley
Nov 26 at 17:49












up vote
27
down vote













Segmentation is the key technique here.



You never work with sensitive data and external data at the same time. Depending on the sensitivity, you may use a different device that may be air gapped from the external world, but often just a device with mandatory VPN, or a different virtual machines, or SELinux context (hint: SELinux was developed by NSA). Even further employees that handle data from the public are different from employees that handle sensitive data, employees that handles hiring doesn't really need to have access to investigation data, for example and vice versa.



There is usually a procedure to transfer data between sensitive zones, with check and controls about what kind of data can be transferred under what conditions. This is often enforced through some form of MAC (mandatory access control).



Emails are often segmented as well. The mail server may automatically strip attachments from emails by people outside the agency's trusted environment, and they may be automatically tagged for work in untrusted context. You may have internal mailbox that's separate from public mailbox. There are often a form of content filtering in email server and/or client, through antivirus check and/or some form of document classification and protection system.



But most importantly though, security is mainly about human. Regular security drills, practice on detecting phishing, documented procedures, and classifying documents, all works to prevent attacks. Many security vulnerabilities depends on human factors. Software and tools can help prevent errors and make enforcement easier, but ultimately user training is the most important way to protect any system.





I wasn't able to find a publicly available document of email security practices for US government agency, but here's one for Australia. In particular, you may be interested in Page 182 Email Security and Page 190 Email Content Filtering. Other sections that may be of interest is Page 282 Data Transfer and Content Filtering.






share|improve this answer



















  • 1




    aggressive deleting of email attachments was a major headache when I was working for a defense contractor. Outside of one project where we had to sign/encrypt everything with CAC cards first (AFAIK we never had delivery problems with them), the unofficial SOP with attachments was to send 2 emails. One with the attachment and one saying a message with an attachment was sent so we could at least detect when stealth deletes occurred. When possible, upload to external sharepoint and send a link was often done as a bypass too; but SP was annoying enough that govt people often chose email pain.
    – Dan Neely
    Nov 26 at 21:18






  • 1




    @DanNeely That looks like it's more a policy implementation problem. When a mail server quarantined an attachment, it should've left a message describing that it did so, and where to retrieve the attachments and what procedures needed to sign off the release (e.g. attachment from external untrusted party may require to be opened in dedicated sandbox machine, or attachments containing suspected sensitive data need to fill release authorisation form). If the official SOP is causing people to have an unofficial SOP to effectively bypass the security system, that's a problem in the SOP too.
    – Lie Ryan
    Nov 26 at 21:52








  • 2




    Totally agree about it being a policy trainwreck (eg renameMe.piZAtoN), but one that I saw with multiple govt entities not just once. The worst was one whose email system eagerly deleted images but would let .doc and .ppt files through which meant to send a screenshot I had to package it in something far riskier than a simple .png/jpg It's possible that the move to a unified DoD email system (in progress when I left for commercial work) may have put someone sane in charge of the system; the degree of crazy involved is one of the reasons I'm glad to be out of govt related work.
    – Dan Neely
    Nov 26 at 22:28















up vote
27
down vote













Segmentation is the key technique here.



You never work with sensitive data and external data at the same time. Depending on the sensitivity, you may use a different device that may be air gapped from the external world, but often just a device with mandatory VPN, or a different virtual machines, or SELinux context (hint: SELinux was developed by NSA). Even further employees that handle data from the public are different from employees that handle sensitive data, employees that handles hiring doesn't really need to have access to investigation data, for example and vice versa.



There is usually a procedure to transfer data between sensitive zones, with check and controls about what kind of data can be transferred under what conditions. This is often enforced through some form of MAC (mandatory access control).



Emails are often segmented as well. The mail server may automatically strip attachments from emails by people outside the agency's trusted environment, and they may be automatically tagged for work in untrusted context. You may have internal mailbox that's separate from public mailbox. There are often a form of content filtering in email server and/or client, through antivirus check and/or some form of document classification and protection system.



But most importantly though, security is mainly about human. Regular security drills, practice on detecting phishing, documented procedures, and classifying documents, all works to prevent attacks. Many security vulnerabilities depends on human factors. Software and tools can help prevent errors and make enforcement easier, but ultimately user training is the most important way to protect any system.





I wasn't able to find a publicly available document of email security practices for US government agency, but here's one for Australia. In particular, you may be interested in Page 182 Email Security and Page 190 Email Content Filtering. Other sections that may be of interest is Page 282 Data Transfer and Content Filtering.






share|improve this answer



















  • 1




    aggressive deleting of email attachments was a major headache when I was working for a defense contractor. Outside of one project where we had to sign/encrypt everything with CAC cards first (AFAIK we never had delivery problems with them), the unofficial SOP with attachments was to send 2 emails. One with the attachment and one saying a message with an attachment was sent so we could at least detect when stealth deletes occurred. When possible, upload to external sharepoint and send a link was often done as a bypass too; but SP was annoying enough that govt people often chose email pain.
    – Dan Neely
    Nov 26 at 21:18






  • 1




    @DanNeely That looks like it's more a policy implementation problem. When a mail server quarantined an attachment, it should've left a message describing that it did so, and where to retrieve the attachments and what procedures needed to sign off the release (e.g. attachment from external untrusted party may require to be opened in dedicated sandbox machine, or attachments containing suspected sensitive data need to fill release authorisation form). If the official SOP is causing people to have an unofficial SOP to effectively bypass the security system, that's a problem in the SOP too.
    – Lie Ryan
    Nov 26 at 21:52








  • 2




    Totally agree about it being a policy trainwreck (eg renameMe.piZAtoN), but one that I saw with multiple govt entities not just once. The worst was one whose email system eagerly deleted images but would let .doc and .ppt files through which meant to send a screenshot I had to package it in something far riskier than a simple .png/jpg It's possible that the move to a unified DoD email system (in progress when I left for commercial work) may have put someone sane in charge of the system; the degree of crazy involved is one of the reasons I'm glad to be out of govt related work.
    – Dan Neely
    Nov 26 at 22:28













up vote
27
down vote










up vote
27
down vote









Segmentation is the key technique here.



You never work with sensitive data and external data at the same time. Depending on the sensitivity, you may use a different device that may be air gapped from the external world, but often just a device with mandatory VPN, or a different virtual machines, or SELinux context (hint: SELinux was developed by NSA). Even further employees that handle data from the public are different from employees that handle sensitive data, employees that handles hiring doesn't really need to have access to investigation data, for example and vice versa.



There is usually a procedure to transfer data between sensitive zones, with check and controls about what kind of data can be transferred under what conditions. This is often enforced through some form of MAC (mandatory access control).



Emails are often segmented as well. The mail server may automatically strip attachments from emails by people outside the agency's trusted environment, and they may be automatically tagged for work in untrusted context. You may have internal mailbox that's separate from public mailbox. There are often a form of content filtering in email server and/or client, through antivirus check and/or some form of document classification and protection system.



But most importantly though, security is mainly about human. Regular security drills, practice on detecting phishing, documented procedures, and classifying documents, all works to prevent attacks. Many security vulnerabilities depends on human factors. Software and tools can help prevent errors and make enforcement easier, but ultimately user training is the most important way to protect any system.





I wasn't able to find a publicly available document of email security practices for US government agency, but here's one for Australia. In particular, you may be interested in Page 182 Email Security and Page 190 Email Content Filtering. Other sections that may be of interest is Page 282 Data Transfer and Content Filtering.






share|improve this answer














Segmentation is the key technique here.



You never work with sensitive data and external data at the same time. Depending on the sensitivity, you may use a different device that may be air gapped from the external world, but often just a device with mandatory VPN, or a different virtual machines, or SELinux context (hint: SELinux was developed by NSA). Even further employees that handle data from the public are different from employees that handle sensitive data, employees that handles hiring doesn't really need to have access to investigation data, for example and vice versa.



There is usually a procedure to transfer data between sensitive zones, with check and controls about what kind of data can be transferred under what conditions. This is often enforced through some form of MAC (mandatory access control).



Emails are often segmented as well. The mail server may automatically strip attachments from emails by people outside the agency's trusted environment, and they may be automatically tagged for work in untrusted context. You may have internal mailbox that's separate from public mailbox. There are often a form of content filtering in email server and/or client, through antivirus check and/or some form of document classification and protection system.



But most importantly though, security is mainly about human. Regular security drills, practice on detecting phishing, documented procedures, and classifying documents, all works to prevent attacks. Many security vulnerabilities depends on human factors. Software and tools can help prevent errors and make enforcement easier, but ultimately user training is the most important way to protect any system.





I wasn't able to find a publicly available document of email security practices for US government agency, but here's one for Australia. In particular, you may be interested in Page 182 Email Security and Page 190 Email Content Filtering. Other sections that may be of interest is Page 282 Data Transfer and Content Filtering.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 26 at 11:42

























answered Nov 26 at 2:54









Lie Ryan

21.8k24674




21.8k24674








  • 1




    aggressive deleting of email attachments was a major headache when I was working for a defense contractor. Outside of one project where we had to sign/encrypt everything with CAC cards first (AFAIK we never had delivery problems with them), the unofficial SOP with attachments was to send 2 emails. One with the attachment and one saying a message with an attachment was sent so we could at least detect when stealth deletes occurred. When possible, upload to external sharepoint and send a link was often done as a bypass too; but SP was annoying enough that govt people often chose email pain.
    – Dan Neely
    Nov 26 at 21:18






  • 1




    @DanNeely That looks like it's more a policy implementation problem. When a mail server quarantined an attachment, it should've left a message describing that it did so, and where to retrieve the attachments and what procedures needed to sign off the release (e.g. attachment from external untrusted party may require to be opened in dedicated sandbox machine, or attachments containing suspected sensitive data need to fill release authorisation form). If the official SOP is causing people to have an unofficial SOP to effectively bypass the security system, that's a problem in the SOP too.
    – Lie Ryan
    Nov 26 at 21:52








  • 2




    Totally agree about it being a policy trainwreck (eg renameMe.piZAtoN), but one that I saw with multiple govt entities not just once. The worst was one whose email system eagerly deleted images but would let .doc and .ppt files through which meant to send a screenshot I had to package it in something far riskier than a simple .png/jpg It's possible that the move to a unified DoD email system (in progress when I left for commercial work) may have put someone sane in charge of the system; the degree of crazy involved is one of the reasons I'm glad to be out of govt related work.
    – Dan Neely
    Nov 26 at 22:28














  • 1




    aggressive deleting of email attachments was a major headache when I was working for a defense contractor. Outside of one project where we had to sign/encrypt everything with CAC cards first (AFAIK we never had delivery problems with them), the unofficial SOP with attachments was to send 2 emails. One with the attachment and one saying a message with an attachment was sent so we could at least detect when stealth deletes occurred. When possible, upload to external sharepoint and send a link was often done as a bypass too; but SP was annoying enough that govt people often chose email pain.
    – Dan Neely
    Nov 26 at 21:18






  • 1




    @DanNeely That looks like it's more a policy implementation problem. When a mail server quarantined an attachment, it should've left a message describing that it did so, and where to retrieve the attachments and what procedures needed to sign off the release (e.g. attachment from external untrusted party may require to be opened in dedicated sandbox machine, or attachments containing suspected sensitive data need to fill release authorisation form). If the official SOP is causing people to have an unofficial SOP to effectively bypass the security system, that's a problem in the SOP too.
    – Lie Ryan
    Nov 26 at 21:52








  • 2




    Totally agree about it being a policy trainwreck (eg renameMe.piZAtoN), but one that I saw with multiple govt entities not just once. The worst was one whose email system eagerly deleted images but would let .doc and .ppt files through which meant to send a screenshot I had to package it in something far riskier than a simple .png/jpg It's possible that the move to a unified DoD email system (in progress when I left for commercial work) may have put someone sane in charge of the system; the degree of crazy involved is one of the reasons I'm glad to be out of govt related work.
    – Dan Neely
    Nov 26 at 22:28








1




1




aggressive deleting of email attachments was a major headache when I was working for a defense contractor. Outside of one project where we had to sign/encrypt everything with CAC cards first (AFAIK we never had delivery problems with them), the unofficial SOP with attachments was to send 2 emails. One with the attachment and one saying a message with an attachment was sent so we could at least detect when stealth deletes occurred. When possible, upload to external sharepoint and send a link was often done as a bypass too; but SP was annoying enough that govt people often chose email pain.
– Dan Neely
Nov 26 at 21:18




aggressive deleting of email attachments was a major headache when I was working for a defense contractor. Outside of one project where we had to sign/encrypt everything with CAC cards first (AFAIK we never had delivery problems with them), the unofficial SOP with attachments was to send 2 emails. One with the attachment and one saying a message with an attachment was sent so we could at least detect when stealth deletes occurred. When possible, upload to external sharepoint and send a link was often done as a bypass too; but SP was annoying enough that govt people often chose email pain.
– Dan Neely
Nov 26 at 21:18




1




1




@DanNeely That looks like it's more a policy implementation problem. When a mail server quarantined an attachment, it should've left a message describing that it did so, and where to retrieve the attachments and what procedures needed to sign off the release (e.g. attachment from external untrusted party may require to be opened in dedicated sandbox machine, or attachments containing suspected sensitive data need to fill release authorisation form). If the official SOP is causing people to have an unofficial SOP to effectively bypass the security system, that's a problem in the SOP too.
– Lie Ryan
Nov 26 at 21:52






@DanNeely That looks like it's more a policy implementation problem. When a mail server quarantined an attachment, it should've left a message describing that it did so, and where to retrieve the attachments and what procedures needed to sign off the release (e.g. attachment from external untrusted party may require to be opened in dedicated sandbox machine, or attachments containing suspected sensitive data need to fill release authorisation form). If the official SOP is causing people to have an unofficial SOP to effectively bypass the security system, that's a problem in the SOP too.
– Lie Ryan
Nov 26 at 21:52






2




2




Totally agree about it being a policy trainwreck (eg renameMe.piZAtoN), but one that I saw with multiple govt entities not just once. The worst was one whose email system eagerly deleted images but would let .doc and .ppt files through which meant to send a screenshot I had to package it in something far riskier than a simple .png/jpg It's possible that the move to a unified DoD email system (in progress when I left for commercial work) may have put someone sane in charge of the system; the degree of crazy involved is one of the reasons I'm glad to be out of govt related work.
– Dan Neely
Nov 26 at 22:28




Totally agree about it being a policy trainwreck (eg renameMe.piZAtoN), but one that I saw with multiple govt entities not just once. The worst was one whose email system eagerly deleted images but would let .doc and .ppt files through which meant to send a screenshot I had to package it in something far riskier than a simple .png/jpg It's possible that the move to a unified DoD email system (in progress when I left for commercial work) may have put someone sane in charge of the system; the degree of crazy involved is one of the reasons I'm glad to be out of govt related work.
– Dan Neely
Nov 26 at 22:28


















draft saved

draft discarded




















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198392%2fhow-do-us-government-agencies-open-their-email-attachments%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Wiesbaden

Marschland

Dieringhausen