CISA launches DNS resolution shared service

Sarayut Thaneerat/Getty Images

The nation's cyber defense agency is launching a new shared service offering for all federal civilian agencies to bolster governmentwide cybersecurity and help thwart emerging internet traffic threats.

The Cybersecurity and Infrastructure Security Agency (CISA) is officially rolling out its Protective Domain Name System to all federal civilian agencies to help mitigate emerging internet traffic risks while bolstering government-wide cyber posture amid an evolving threat landscape, according to an announcement the agency published this week. 

The national cyber defense agency's latest offering is the result of collaboration between CISA's Cybersecurity Shared Services Office and several partner agencies, which provided feedback and input to make the DNS service fully functional for government users. CISA is calling the new offering "Protective DNS." CISA is the shared services provider for cybersecurity solutions under the federal government's Quality Services Management Office program.

The new service will provide agencies with DNS infrastructure to thwart known or suspected attack campaigns targeting federal networks, in addition to real-time logs and reports agencies can use to increase visibility into their own networks, according to a blog post CISA executive assistant director for cybersecurity Eric Goldstein published on Tuesday. 

"Every day, our federal government faces malicious cyber activity that could result in impacts to essential services or unauthorized access to sensitive data," Goldstein said, adding that Protective DNS prevents federal users from accessing malicious destinations and provides organizations with modernized capabilities to detect and prevent threats.

Goldstein also said Protective DNS will expand protected coverage to cloud-based assets, roaming and mobile devices and traditional on-premises networks, as well as provide agencies with real-time alerts and early response capabilities through rapid threat notifications. The service will also help agencies gain further alignment with the federal zero trust strategy the White House released earlier this year.

CISA raised concerns about cyberattacks targeting federal users which redirect network activity towards malicious domains since the beginning of the COVID-19 pandemic, as telework became increasingly common throughout the government. The agency said it will actively recruit federal civilian agencies to begin using Protective DNS, and called on those interested in the new service to contact its shared services office.