DHS Issues Emergency Cyber Directive

Written by FEDagent on .

The Department of Homeland Security (DHS) is warning agencies of a potential cyber-attack. In an emergency directive issued last week, the DHS directed agencies to take four steps in the next ten days to protect domain name security (DNS) systems from being vulnerable to hijacking.

In early January, a wave of domain hijacking attacks targeted organizations and companies to steal login information.

Fire Eye, a company specializing in detecting and preventing cyber-attacks, explained in a report issued earlier this month, “A large number of organizations has been affected by this pattern of DNS record manipulation and fraudulent SSL certificates. They include telecoms and ISP[s], government and sensitive commercial entities.”

Fire Eye researchers reported with moderate confidence that the attackers were based in Iran.

While this was occurring, the DHS lacked appropriations and was subject to a partial government shutdown. This meant 43 percent of the Cybersecurity and Infrastructure Security Agency (CISA), an agency created late last year to combat cyber threats, was furloughed.

In a blog post, Chris Krebs, director of CISA, explained, “Malicious actors obtained access to accounts that controlled DNS records and made them resolve to their own infrastructure before relaying it to the real address. Because they could control an organization’s DNS, they could obtain legitimate digital certificates and decrypt the data they intercepted – all while everything looked normal to users.”

On January 22, the DHS released their emergency directive to “address the significant and imminent risks to agency information and information systems.”

The directive called for all federal agencies to (1) audit their DNS records, (2) change all DNS account passwords, (3) add multi-factor authentication to all DNS accounts, and (4) monitor Certificate Transparency logs for any unauthorized requests.

The directive calls for these steps to be completed within 10 days and for agencies to provide CISA with a status report and completion report.

Posted in Featured News