NSA pilots secure DNS model to protect against malware attacks

System will be rolled out to US defence contractors

The US National Security Agency (NSA) is working on a secure domain name system (DNS) model with an aim to protect American defence contractors from malware attacks.

At the virtual Defense One Tech Summit on Thursday, Anne Neuberger, head of NSA's cybersecurity directorate, said that the organisation's cyber security experts have been testing the Secure DNS model for nearly six weeks, and that it will eventually provide secure services to small- and medium-sized firms working on Department of Defense (DoD) weapons technologies.

According to Neuberger, their analysis showed that using secure DNS would reduce the ability for 92 per cent of "malware attacks … from a command and control perspective, deploying malware on a given network".

The pilot programme is being run in partnership with a commercial managed service provider, Neuberger added.

DNS, often described as the phonebook of the Internet, is the protocol that translates domain names into their IP addresses so that browsers can load the requested website for the user. The main advantage of DNS is that it eliminates the need for users to memorise complex IP addresses such as 208.192.1.1 (in IPv4), or 22002050:1:c7b2 (in IPv6).

According to security researchers, hackers constantly try to exploit DNS to deliver malicious programmes in efforts to target machines or to run credential-stealing operations.

According to the NSA, some DNS attacks are launched with the aim of taking down authoritative DNS servers to deny access to a domain. Other attacks attempt to "either manipulate DNS to redirect traffic to malicious destinations or allow attackers to take control of the DNS infrastructure itself, with disastrous consequences to the server's domain and third parties."

Last year, the US Cybersecurity and Infrastructure Security Agency was forced to issue Emergency Directive 19-01 in response to a series of cyber attacks involving DNS infrastructure tampering against US government agencies. The attacks were believed to originate from Iran.

According to Neuberger, the pilot project produced encouraging results, blocking malicious activity for companies currently using Secure DNS as part of the programme.

The NSA plans to standardise the secure DNS service in the coming days, after which it will allow companies (with competence to meet the standard) to provide the service to small- and medium-sized defence industrial base (DIB) firms and to encourage them to focus on using secure DNS.