It’s time for law enforcement to take DNS seriously

We rely on law enforcement to be our first-line of defence against criminals online and offline. Yet, most law enforcement agencies remain vulnerable to cyber attacks.

Municipalities, power grids and hospitals have all fallen victim to malicious online actors looking to score propaganda points. Due to their profile, law enforcement agencies are also obvious targets for hackers and cyber criminals.

I find it troubling that many police forces do not take simple steps to protect themselves online. The place to start is through the Domain Name System (DNS) server, where the most common form of attack hits. The DNS is often forgotten in cyber security strategies even though DNS security solutions are exceptionally affordable and easy to deploy.

Think of the DNS as the Achilles heel of the Internet. Everything is great when it is working, but the DNS is vulnerable to power and network outages. When your DNS goes down, your website, web applications, email, and web services all fail.

This can be embarrassing for any organization, but it becomes dangerous in law enforcement scenarios. A cyber attack on DNS could impact crime reports, investigations and external communications.

It’s time for Canada’s law enforcement community to step up their security online. I’ve provided four key ways for law enforcement agencies to improve their cyber security:

  • Test your DNS: CIRA offers a simple test to find critical errors in your DNS configuration. The test takes about 60 seconds and can be accessed for free at dnstests.cira.ca.
  • Use an Anycast DNS service: Some legacy web architectures use what is called a unicast DNS. These services offer little redundancy and leave the DNS extremely vulnerable to DDoS attack. Ensure you have an Anycast DNS solution that can withstand attacks and keep services online. Full disclosure, CIRA has a secondary service called D-Zone Anycast DNS, but there are others in the field. Find one that suits your organization’s needs.
  • Confirm the DNS is properly configured and includes a primary and secondary: Redundancy is important when setting up a world-class DNS configuration, and administrators should confirm that their DNS settings are configured correctly. In testing, CIRA found Canada’s DNS availability is startlingly poor, with a lack of redundancy and configuration errors causing 93 per cent of DNS servers in Canada to miss queries over a six month period. For lesser-known websites this may not be an issue, but misconfigurations could leave law enforcement open to attack.
  • Use a domain locking service: Any .CA domain can be locked with CIRA to prevent unauthorized changes to the domain settings. This prevents malicious actors from redirecting a domain to a new site with damaging information, a common form of cyber-attack. In 2015, the City of Ottawa’s website was redirected to an image of a dancing banana. ISIS sympathizers have also used this tactic to redirect pages to ISIS propaganda.

As cyber attacks become more common, it is important that our law enforcement protects their online services. A properly configured and redundant DNS is a solid first step to a more secure Canadian Internet.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Jacques Latour
Jacques Latourhttp://cira.ca
Jacques Latour is the chief technology officer at the Canadian Internet Registration Authority (CIRA). Latour joined CIRA in March 2010, bringing with him more than 20 years of experience in the IT sector. As chief technology officer, Latour is responsible for the research and development of products and services, a critical function in pursuit of CIRA’s new strategic direction.

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight