DHS CISA Releases Emergency Directive on DNS Infrastructure Tampering – Updated January 29, 2019

January 29, 2019

U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs has written a blog explaining why his agency issued Emergency Directive 19-0, Mitigate DNS Infrastructure Tampering, last week (a summary of the Directive was included in the January 24 SRU). Krebs addresses the threat that necessitated the issuance of the Directive and actions that have been implemented through it in plain language, comparing the malicious campaign to someone lying to the post office about your address, checking your mail, and than hand delivering mail to your mailbox. This straightforward approach also applies to the near-time mitigations mandated for federal agencies by the directive, which Krebs also describes in his blog. He notes that these common sense measures can be applied by any organization to prevent DNS infrastructure tampering. Read the blog at DHS.

January 24, 2019

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has issued an Emergency Directive for federal government entities on Domain Name System (DNS) infrastructure tampering. The DNS infrastructure tampering has allowed attackers to redirect and intercept web and mail traffic. Although the directive is intended for the federal government, CISA encourages state, local, tribal, and territorial and industry partners to review it as they may benefit from implementing the actions it describes. In addition to reviewing the directive, partners may also refer to advisories previously posted by DHS, including “DNS Infrastructure Hijacking Campaign” and “APTs Targeting IT Service Provider Customers.” Read the directive at DHS.