Cyber Defense eMagazine February Edition for 2023
Cyber Defense eMagazine February Edition for 2023 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency, to “issue an emergency directive to the head of an agency to take any lawful action with respect to the operation of the information system, including such systems used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information, for the purpose of protecting the information system from, or mitigating, an information security threat.”
Federal agencies are required to comply with these directives.
The Emergency Directive came hot on the heels of 33 days of disruption that caused many Federal Agencies' Internet assets to be shut down. This incident was unequivocally connected to the discovery of DNS tampering. Let us briefly cover what DNS is, as it is nothing new but is critical to security.
DNS was designed and developed by Dr Paul Mockapetris between 1983 and 1986. DNS was adopted globally as one of the first Internet Protocols. Put simply, DNS allowed people to use the alphabet to recall website addresses. These names were then translated by DNS into binary numbers for computers to use, share, and distribute.
A website address like Google.com typically has IPv4 addresses such as 172.217.14.78. The IPv4 address is a unique string of numbers punctuated by dots. The later IPv6 addresses are a series of hexadecimal characters and colons. Because the Internet is extremely dynamic, both IP addresses and domain names can change. DNS is adapted to record and reflect these changes, so it can successfully do its job of converting text domain names into IP addresses. DNS accommodates both IPv4 and IPv6 addresses.
DNS abuse and attacks are nothing new. DNS manipulation has been used successfully by the U.S. Government to monitor data flow and, where that flow is deemed suspicious, to capture and review the data ‘packets.’
Following the atrocities of 9/11, DNS tampering became more widely and more frequently used. There are numerous papers dating back to the early 2000s that share information and concerns about the lack of DNS controls, management, and governance. This led not only to a heightened awareness of the already nearly 20-year-old Internet Protocol, but also highlighted the ability of our adversaries to abuse and attack DNS. Put simply, DNS became more akin to the Wild West than a protocol to ensure stability and data flow correctness. This free-for-all led to Emergency Directive 19-01.
Unfortunately, the majority of Federal Agencies were unable to comply with the Emergency Directive due to a lack of knowledge, capability, and skill within the field of DNS. CISA offered to support the Ten-Day Directive deadline with the various Federal Agencies. However, CISA’s own DNS record was, and is, like the majority of Federal Agencies, far from optimal today.
Cyber Defense eMagazine – February 2023 Edition 107
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.