Easy access to all the Government news updates

Subscribe and receive personalized news articles straight in your inbox

*By clicking "Join us now" you agree to receive emails, promotions and general messages from ExecutiveGov. In addition, you also agree to ExecutiveGov's Privacy Policy and Terms & Conditions.


DHS’ Christopher Krebs Issues Directive to Address Domain Name System Tampering Campaign

1 min read

The Department of Homeland Security has released an emergency directive to guide federal agencies how to address Domain Name System tampering activities.

Attackers compromise DNS by targeting user credentials, altering DNS records and accessing valid encryption certificates that allow them to decrypt the redirected traffic, Christopher Krebs, director of DHS’ Cybersecurity and Infrastructure Security Agency, wrote in the directive released Tuesday.

To mitigate risks, CISA recommends that agencies audit DNS records, change account passwords, add multifactor authentication feature to DNS accounts and track certificate transparency logs within 10 business days.

Krebs, a 2019 Wash100 winner, wrote that CISA will offer technical support to agencies that report vulnerabilities in DNS records and evaluate submissions from organizations that cannot implement multifactor authentication on DNS accounts.

Agencies should submit status reports by Jan. 25 and completion reports for all actions by Feb. 5, according to the directive.

Starting Feb. 6, Krebs said he will work with agencies’ chief information officers and senior risk management officials that have not completed implementing the required measures to ensure the security of federal information systems.

He added that CISA will submit by Feb. 8 a report to the secretary of DHS and the director of the Office of Management and Budget about outstanding security issues at agencies.

ExecutiveGov Logo

Sign Up Now! Executive Gov provides you with Free Daily Updates and News Briefings about Government Technology