Home / Blogs

U.S. National Cybersecurity Strategy and Its Impact on Domain Security

Last month, the U.S. National Cybersecurity Strategy was launched, providing a new roadmap for stronger collaboration between those operating within the digital ecosystem. The strategy calls on software makers and American industry to take far greater responsibility to assure that their systems cannot be hacked while accelerating efforts by the Federal Bureau of Investigation and the Defense Department to disrupt the activities of hackers and ransomware groups around the world1.

The cybersecurity strategies that aim to improve overall internet security and reduce cyber threats will likely have a positive impact on domain security. For example, if the U.S. government implements new measures to detect and prevent cyberattacks, this could help reduce the number of attacks targeting domain names and domain name systems (DNS). At a high level, the U.S. National Cybersecurity Strategy discusses securing critical infrastructure—cloud services, domain registrars, email, hosting providers, other digital services, and DNS. At the very least, this should put the more security-conscious enterprise-class registrars in a strong position to be a model for registrars that don’t practice Know Your Customer (KYC) compliance or have other security protocols such as registry lock or DNSSEC in place for their clients. The strategy also discusses how the internet and DNS are vulnerable infrastructure, and the White House Fact Sheet states that “reducing systemic technical vulnerabilities in the foundation of the internet and across the digital ecosystem” will need to be part of the goal to invest in resiliency2.

In the recent past, other governments around the world have developed their own national cybersecurity strategies to address growing cyber threats. The U.K., Canada, Australia, and Japan—just to name a few—have cybersecurity strategies in place outlining their respective approaches to dealing with cyber threats. Each of them focuses on stronger infrastructure in addition to further collaboration between stakeholders.

But to date, there really hasn’t been a large movement or push by the U.S. government to widely adopt domain security measures. The problem with this is threefold:

  1. Within the broader phishing and ransomware discussions, little attention is given to preventative actions (domain-related security measures) that could mitigate attacks in the early stages of a ransomware attack.
  2. No standards differentiating between consumer-grade and enterprise-class domain registrars exist, which has continued to enable consumer-grade registrars to operate domain marketplaces that drop-catch, auction, and sell branded or trademarked domain names to the highest bidder.
  3. The industry lacks an understanding of the importance of domain security and the available options to implement effective measures into their risk management strategy.

For those focused on internet fraud and online brand abuse, the strategy discusses focusing on mitigating against phishing attacks, business email compromise (BEC), and wire transfer fraud. Since these scams often include imitating trusted brand names, this is a positive development for brand owners and proponents of trademark and IP rights, as well as online consumer safety. These attacks often happen by compromising legitimate web domains or by maliciously registering fake web domains. The intent of these fake domain registrations is to leverage the trust placed on the targeted brand to launch phishing attacks or other forms of digital brand abuse or IP infringement that leads to revenue loss, traffic diversion, and a diminished brand reputation.

Overall, the impact of the U.S. government’s cybersecurity strategy on domain security will depend on the specific measures included in the strategy and how effectively they’re implemented. Companies can begin to strengthen their domain security posture by adopting best practices.

By Sue Watts, Global Marketing Leader, Digital Brand Services, CSC

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign