Visitors to federal websites continue to be vulnerable covert redirections to fake websites. By exploiting weaknesses in the internet’s domain name system (DNS), criminals are able to transfer visitors to bogus websites for the purposes of stealing their personal information. Worst still, more than three years ago all federal websites were directed to install safeguards to protect such redirections. In 2008, the Bush administration ordered all agencies to adopt a set of digital signatures and keys which would allow a web address to be verified. The safeguards, called domain name system security extensions (DNSSEC) would allow visitors to US government websites to be certain that they on a legitimate website, not one set up by online criminals. However, according to the General Services Administration, currently less than a quarter of federal websites use DNSSEC.
According to Lee Ellis, program manager of the .gov top level domain name, one of the major barriers to implementation is that web users do not have a visual indication that a website is using DNSSEC. Unlike some other security measures, DNSSEC is invisible to users. Some federal agencies, like the Health and Human Services, NASA, and the General Services Administration, use DNSSEC, however to visitors their site looks just as secure as other agencies which have yet to incorporate the security feature in their online presence.
News of the low levels of DNSSEC adoption comes at the same time that new statistics are showing that even enterprise networks are highly vulernable to malware. Data released late last month by the online threat protection company FireEye claims that 99% of enterprise networks have malware entering their systems each week, with 80% of networks seeing more than 100 new instances. As reported by Net-Security.org, the statistics reveal that enterprise networks “are not keeping up with highly dynamic, multi-stage attacks that cyber-criminals now use to attack enterprises and federal agencies”.
As an increasing number of federal agencies use their online presence to provide critical services to their customers, it is more important than ever to protect users from online criminal activity. Improving the adoption rates of DNSSEC is a good start, but efforts by federal agencies to protect themselves and their users still have a long way to go.
