DHS’ Christopher Krebs Issues Directive to Address Domain Name System Tampering Campaign

The Department of Homeland Security has released an emergency directive to guide federal agencies how to address Domain Name System tampering activities.

Attackers compromise DNS by targeting user credentials, altering DNS records and accessing valid encryption certificates that allow them to decrypt the redirected traffic, Christopher Krebs, director of DHS’ Cybersecurity and Infrastructure Security Agency, wrote in the directive released Tuesday.

To mitigate risks, CISA recommends that agencies audit DNS records, change account passwords, add multifactor authentication feature to DNS accounts and track certificate transparency logs within 10 business days.

Krebs, a 2019 Wash100 winner, wrote that CISA will offer technical support to agencies that report vulnerabilities in DNS records and evaluate submissions from organizations that cannot implement multifactor authentication on DNS accounts.

Agencies should submit status reports by Jan. 25 and completion reports for all actions by Feb. 5, according to the directive.

Starting Feb. 6, Krebs said he will work with agencies’ chief information officers and senior risk management officials that have not completed implementing the required measures to ensure the security of federal information systems.

He added that CISA will submit by Feb. 8 a report to the secretary of DHS and the director of the Office of Management and Budget about outstanding security issues at agencies.

Check Also

Cybersecurity Strategy

Updated CISA Federal Cybersecurity Strategy Directs Improved CDM Scores Through FY 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to its action plan for strengthening federal cybersecurity in fiscal years 2020 through 2021. The initiative was led by Matthew Travis, the deputy director of CISA. CISA also cited evolving threat landscapes and limitations in cloud, network and encryption capabilities as challenges.