This CISA Program Blocked Over 1B Threats to Critical Networks

The Cybersecurity and Infrastructure Security Agency (CISA) is scaling threat intelligence and fortifying network resilience with its Protective Domain Name System Resolver service in use across federal agencies, hospitals, schools and local utility facilities, officials said this week.

The program protects critical networks by blocking billions of Domain Name System (DNS) queries daily across all federal civilian executive branch agencies, officials said. To achieve this mission, CISA is leveraging industry partnerships and Cloudflare to tap into the scalability of Amazon Web Services’ GovCloud, according to Protective DNS Service Product Manager Christopher Villas.

“The system processes over 3 billion DNS queries a day and has provided over 700 billion blocks,” Villas said at the AWS Summit in Washington, D.C., Wednesday. “The scale that we’re operating at to generate passive DNS on over 3 billion records a day just wasn’t possible without this cloud-native solution.”

With a cloud-first architecture and AWS to host the management application, the program enables CISA to use several sources of threat intelligence, which has enhanced incident detection and response capabilities.

CISA and its parent agency, Department of Homeland Security, are also leveraging the data platform to obtain DNS traffic from all agencies, simplifying the process to find trends impacting the entirety of the federal government, rather than one agency at a time.

Villas said that the service was first piloted by critical infrastructure partners across the U.S. with a focus on health care, water utilities and power generation.

In less than two years, the program has enabled major enterprises to scale rapidly and meet evolving data storage needs effectively, benefiting over 110 agencies, Villas said.

“Transitioning off the legacy service to Protective DNS was a significant level of change for the [U.S. Postal Service], [the Department of Veterans Affairs] and [the Department of Health and Human Services],” Villas said. “But with the program’s new abilities, these large enterprises with complex setups that have multiple subcomponents can use the services for their own benefit.”

With the surge of cyberthreats from espionage groups like Volt Typhoon, Villas emphasized the growing rate of private-sector partnerships that are using Protective DNS. He explained that many organizations are seeking to deploy the program to obtain the same level of defense given to federal agencies.

“These entities are under attack from adversaries that are also targeting the federal government,” Villas said. “We were really thrilled to be able to bring and scale this [program] to accommodate an entirely new customer segment that’s under a significant threat.”