A rise in DNS attacks emphasizes the critical need for cybersecurity solutions.
“You can't be a real country unless you have a beer and an airline. It helps if you have some kind of a football team or some nuclear weapons, but at the very least you need a beer.” - Frank Zappa, American rocker singer-songwriter
Today, you can’t be a real country unless you have cybersecurity. Both the National Security Strategy and National Defense Strategy underscore the importance of defending against cyberattacks.
The IDC reports that 79 percent of companies worldwide have faced a Domain Name System (DNS) attack over the past year. Attacks include DNS flooding, domain hijacking, DNS cache poisoning, DNS tunneling, DNS spoofing, and many more. Exploits include:
- Users mistyping domain names while attempting to navigate to a known-good website and unintentionally go to a malicious one instead;
- Hackers lacing phishing emails with malicious links;
- A compromised device seeking commands from a remote command and control server;
- Hackers exfiltrating data from a compromised device to a remote host.
The DNS acts as a massive phone book to pair IP addresses with assigned domain names. When a person types in a website such as “youtube.com”, their browser does not understand what that means; it needs the IP address of the server where “YouTube” is hosted. So, when you enter a domain name, the DNS “phone book” finds the IP to connect to. Because DNS is foundational to the internet, it is also in the cross-hairs of hackers. Symantec states that 1 in 13 web requests lead to malware.
Given the magnitude of DNS threats, the US National Security Agency (NSA) issued a DNS cybersecurity advisory this March (2021). The Department of Defense (DoD) incorporated DNS guidance into its new cybersecurity framework, the Cybersecurity Maturity Model Certification (CMMC).
The DoD is gradually implementing CMMC in DoD contracts with mandatory compliance in all contracts starting FY 2026. The CMMC impacts 300,000+ defense contractors (prime and sub-contracts). Contractors bidding on DoD contracts with CMMC requirements must acquire CMMC Certification prior to contract award. CMMC Certification requires successfully passing a CMMC audit, which validates cybersecurity practices and processes are adequate and in place to protect controlled information on DoD contractor systems.
As a CMMC Registered Provider Organization (RPO), Concord is authorized by CMMC-AB (DoD’s governance body) to help contractors implement and comply with CMMC.
