The Central Digital and Data Office (CDDO) is running a project on how public sector bodies discover, triage and resolve vulnerabilities in their domain name systems (DNS).
It is taking the step as part of the Government Roadmap for Digital and Data and Government Cyber Strategy, saying it wants to reduce the time DNS vulnerabilities are open to exploitation and reduce the overall exposure to cyber risks.
CDDO has published a market notice for support in the discovery and alpha phases of the project, saying it will involve investigating security information and event management (SIEM) tools to take information from its public sector domains monitoring platform. It has also indicated that a solution could involve the use of automation.
Its plan involves recruiting four public sector partner organisations with large subdomains and at least three different SIEM tools between them, understanding how they manage these, identifying how automation could be used and developing a set of key performance indicators.
During the alpha phase, each partner organisation will be expected to run a prototype solution for maintaining an up-to-date list of all its domains and subdomains, and one for sharing the list with CDDO.
The main users are expected to be domain managers, operators of SIEM tools, security operations centres and domain name administrators.
Business changes and accountabilities
“The potential impact of a domain related vulnerability is not always well understood, so we also believe that business changes may be required at working and senior levels to embed the right accountabilities and responsibilities and so ensure domain related vulnerabilities are fixed quickly,” the market notice says.
“Having an accurate and up-to-date list of all domains and subdomains that an organisation has is a key dependency for finding vulnerabilities, so we want public sector organisations to maintain such lists, understand what their domains are being used for, and share this information regularly with CDDO's domains monitoring platform. This will likely require business changes within the organisation.”
CDDO already has an operations team in place for the project and has begun talking with a few public sector bodies, but has not yet run a formal discovery.