Source: The Financial Times
Security researchers recently revealed that a previously unknown hacker group carried out a series of attacks on government agencies in 13 countries by redirecting agency computers to hacker-controlled servers. This happened through the manipulation of domain name system (DNS) infrastructure.
And it followed a US Department of Homeland Security alert disclosing a global campaign, subsequently linked to Iran, to redirect internet traffic and steal sensitive information also by compromising DNS infrastructure. The DNS is an attractive target because it serves as a global address book, translating internet names we know into IP addresses that computers can recognize. The infrastructure supporting DNS is maintained by a number of core companies that administer internet domains, register new domain names, and host DNS “lookup” services which convert those domain names into IP addresses.
For years, hackers have abused the registration process to obtain new domain names which they then use to orchestrate cyber intrusions. Today, if attackers can hijack an existing customer domain at any of these companies, they can also reroute email and web-based communications, obtain confidential information and disrupt communications. And if they are able to compromise administrative infrastructure for DNS service providers themselves, they can cause potentially massive chaos, including for entire government and military domains.
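The hijacking described above changes a domain's delegation, address or mail records at the registrar or DNS provider. As an added example (not from the article), the Python below compares a domain's NS, A and MX records against an expected baseline and grades any change, the kind of check a domain owner runs on a schedule to notice such a takeover. All names, addresses and netblocks are constructed placeholders.

```python
import ipaddress

# Constructed baseline for a hypothetical domain: what the owner expects to see.
BASELINE = {
    "NS": {"ns1.provider.invalid.", "ns2.provider.invalid."},
    "A": {"203.0.113.10"},
    "MX": {"10 mail.agency.invalid."},
}
# Netblocks the organisation legitimately hosts web servers in (constructed).
EXPECTED_NETBLOCKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed observation resembling a hijack: delegation and mail moved elsewhere.
OBSERVED = {
    "NS": {"ns1.unexpected.invalid.", "ns2.unexpected.invalid."},
    "A": {"198.51.100.7"},
    "MX": {"10 mail.unexpected.invalid."},
}


def classify_changes(baseline, observed, netblocks):
    """Return (severity, record_type, detail) tuples for every record set that differs.

    NS changes are graded critical: a moved delegation hands the whole zone to
    whoever runs the new servers.  MX changes are high (mail rerouting).  A record
    changes are high when the new address lies outside the expected netblocks,
    medium otherwise (a legitimate re-IP inside the organisation's own range).
    """
    findings = []
    for rtype in ("NS", "A", "MX"):
        before = baseline.get(rtype, set())
        after = observed.get(rtype, set())
        added, removed = after - before, before - after
        if not added and not removed:
            continue
        detail = f"added {sorted(added)}, removed {sorted(removed)}"
        if rtype == "NS":
            findings.append(("critical", rtype, "delegation changed: " + detail))
        elif rtype == "MX":
            findings.append(("high", rtype, "mail routing changed: " + detail))
        else:
            outside = [ip for ip in added
                       if not any(ipaddress.ip_address(ip) in net for net in netblocks)]
            severity = "high" if outside else "medium"
            findings.append((severity, rtype, "address changed: " + detail))
    return findings


if __name__ == "__main__":
    for severity, rtype, detail in classify_changes(BASELINE, OBSERVED, EXPECTED_NETBLOCKS):
        print(f"[{severity}] {rtype}: {detail}")
```

In practice the observed sets come from querying the zone's authoritative servers and the parent TLD's delegation (not just the local resolver), since a hijacked delegation is exactly what a cached answer may hide.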
Likewise, distributed denial of service (DDoS) attacks, which flood the system with traffic, can degrade large volumes of internet activity. Ecuador experienced a wave of DDoS attacks after the arrest of WikiLeaks founder Julian Assange that reportedly took a number of government, banking, and related sites offline. These recent alerts and attacks highlight an under-appreciated cyber security vulnerability in the global domain name system. Two years ago, the Global Commission on the Stability of Cyberspace, which I co-chair, called on both state and non-state actors not to threaten the integrity of the public core of the internet.
We now need concerted international action to address the risk to essential DNS infrastructure and reduce the opportunity for bad actors to disrupt services critical to the way we communicate and trade today. How do we move towards a more resilient DNS ecosystem? An effective model must contain three elements. First, a risk-based cyber security approach that successfully defends core DNS infrastructure despite attempted attacks. Second, a proactive strategy to mitigate unauthorized DNS account takeovers and new illicit domain registrations. And third, a trusted relationship between DNS providers and law enforcement agencies, which would allow police to carry out investigations and curb misuse of the system.
Thankfully, good work is already under way internationally to advance greater collaboration between governments and industry in managing cyber risk. The Organization of American States recently unveiled a set of best practices for protecting critical infrastructure in Latin America.
Governments and industry need to build on such efforts by working together to advance a secure-DNS agenda. The dialogue could include consideration of differing mechanisms — regulation, self-regulation, procurement processes, and liability limitations, for example — as incentives for meaningful investment.
For instance, countries might agree that the process for awarding contracts to DNS providers, particularly for administration of sensitive top-level domains, such as .gov addresses, should include the application of meaningful security standards. Likewise, to offer further incentives to invest, governments should consider limiting liability for providers whose security effectiveness can be validated independently.
What is most important, however, is that we take action now, before it is too late.
The writer, a former US secretary of homeland security, is executive chairman of The Chertoff Group