The Department of Homeland Security has released an emergency directive to guide federal agencies on how to address Domain Name System tampering activities.
Attackers compromise DNS by targeting user credentials, altering DNS records and accessing valid encryption certificates that allow them to decrypt the redirected traffic, Christopher Krebs, director of DHS’ Cybersecurity and Infrastructure Security Agency, wrote in the directive released Tuesday.
To mitigate risks, CISA recommends that agencies audit DNS records, change account passwords, add multifactor authentication to DNS accounts and track certificate transparency logs within 10 business days.
Krebs, a 2019 Wash100 winner, wrote that CISA will offer technical support to agencies that report vulnerabilities in DNS records and evaluate submissions from organizations that cannot implement multifactor authentication on DNS accounts.
Agencies should submit status reports by Jan. 25 and completion reports for all actions by Feb. 5, according to the directive.
Starting Feb. 6, Krebs said he will work with the chief information officers and senior risk management officials of agencies that have not finished implementing the required measures to ensure the security of federal information systems.
He added that CISA will submit a report on outstanding security issues at agencies to the secretary of DHS and the director of the Office of Management and Budget by Feb. 8.