NSA Secure DNS Pilot Program Provides Assistance to Small and Mid-Sized Businesses

NEXT STORY
GAO Releases Analysis of DOD Contracting with Companies Maintaining ESOP Plans

NSA Secure DNS Pilot Program Provides Assistance to Small and Mid-Sized Businesses

6/26/2020

In a June 18^th interview at the Defense One Tech Summit, head of the NSA cybersecurity directorate Anne Neuberger gave an exclusive interview in which she described a new NSA program to help defense contractors fight malware attacks. Neuberger said that the program being piloted, known as Secure DNS, could reduce the ability of 92% of malware attacks to successfully deploy malware on a given network. The program is intended to be particularly beneficial to small-to-medium sized companies that may not have their own resources to invest in enough cybersecurity infrastructure or cybersecurity personnel. The pilot program has currently been going on for about 6 weeks, and Neuberger said that the promising initial results could lead to upscaling the program across the DoD.

One way in which malicious actors can target the defense industrial base is through DNS attacks. The domain name system (DNS) is a database that maps domain names to localized IP addresses, allowing a user to access a part of a computer network. DNS attacks involve an outside user trying to gain access to the network in order to install malware or steal protected information. This can consist of making a fake login page that looks credible in order to get a user’s credentials and gain access to a secure network, as well as other common spoofing and phishing methods. These attacks can be particularly problematic within the defense-industrial base, where private companies have access to secure networks and information relating to national security. To stop secure information from getting compromised by DNS attacks on private defense-industrial firms, Secure DNS filters outside DNS requests so that attackers cannot access secure networks or “spoof” their IP address in order to compromise a DNS server related to the defense-industrial base.

While this does not entirely eliminate the threat of malware attacks on networks related to the defense-industrial base, Neuberger described the program as a cybersecurity jumpstart for the smaller firms that the program is intended for. Neuberger also laid out some of the next steps of the pilot, which were to identify a secure DNS service provider as well a set of standards for DNS security providers across the defense-industrial base. If upscaling occurs, this could eventually serve as a preventative measure to protect against DNS attacks across the larger defense-industrial base. It is also important to note that this is a policy designed to target a specific kind of attack rather than a set of cybersecurity standards and best practices.

While this program shows promise in protecting against DNS attacks on the defense-industrial base, programs such as the CMMC play a larger part in promoting a set of cybersecurity best practices that can be used for accreditation going forward. However, in the meantime, Secure DNS could stand to protect vast swaths of the smaller firms within the defense-industrial base from the threat posed by DNS cyberattacks.

Topics: Cybersecurity, Small Business

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

I have read the legal notice.

NDIA's Education offerings exist to build a more capable, qualified, and
efficient Defense Industrial Base to support our national security through
doing business with the Department of Defense.