DHS’ Christopher Krebs Issues Directive to Address Domain Name System Tampering Campaign

The Department of Homeland Security has released an emergency directive to guide federal agencies how to address Domain Name System tampering activities.

Attackers compromise DNS by targeting user credentials, altering DNS records and accessing valid encryption certificates that allow them to decrypt the redirected traffic, Christopher Krebs, director of DHS’ Cybersecurity and Infrastructure Security Agency, wrote in the directive released Tuesday.

To mitigate risks, CISA recommends that agencies audit DNS records, change account passwords, add multifactor authentication feature to DNS accounts and track certificate transparency logs within 10 business days.

Krebs, a 2019 Wash100 winner, wrote that CISA will offer technical support to agencies that report vulnerabilities in DNS records and evaluate submissions from organizations that cannot implement multifactor authentication on DNS accounts.

Agencies should submit status reports by Jan. 25 and completion reports for all actions by Feb. 5, according to the directive.

Starting Feb. 6, Krebs said he will work with agencies’ chief information officers and senior risk management officials that have not completed implementing the required measures to ensure the security of federal information systems.

He added that CISA will submit by Feb. 8 a report to the secretary of DHS and the director of the Office of Management and Budget about outstanding security issues at agencies.

You may also be interested in...

Army Multi-Domain

Army Activates 2nd Multi-Domain Task Force in Germany for Defeating A2/AD Networks; Col. Jonathan Byrom Quoted

U.S. Army Europe and Africa has activated the 2nd Multi-Domain Task Force, a group tasked to stop adversary anti-access/area-denial networks in land, air, water, space and other environments. The 2nd MDTF will be based at the Clay Kaserne installation in Wiesbaden, Germany, and will be led by Col. Jonathan Byrom, the Army said Friday.