The U.S. Department of Commerce's National Telecommunications and Information Administration (NTIA) and National Institute of Standards and Technology (NIST) today announced completion of an initiative with the Internet Corporation for Assigned Names and Numbers (ICANN) and VeriSign to enhance the security and stability of the Internet. The announcement marks full deployment of a security technology -- Domain Name System Security Extensions (DNSSEC) -- at the Internet's authoritative root zone (i.e. the address book of the Internet), which will help protect Internet users against cache poisoning and other related cyber attacks.
"The Internet plays an increasingly vital role in daily life, from helping businesses expand to improving education and health care," said Assistant Secretary for Communications and Information and NTIA Administrator Lawrence E. Strickling. "The growth of the Internet is due in part to the trust of its users – trust, for example, that when they type a website address, they will be directed to their intended website. Today's action will help preserve that trust. It is an important milestone in the ongoing effort to increase Internet security and build a safer online environment for users."
"Improving the trustworthiness, robustness and scaling of the Internet's core infrastructure is an activity that lines up strongly with NIST's mission, and we have been contributing to design, standardization and deployment of DNSSEC technology for several years," said NIST Director Patrick Gallagher. "The deployment of DNSSEC at the root zone is the linchpin to facilitating its deployment throughout the world and enabling the current domain-name system to evolve into a significant new trust infrastructure for the Internet."
The Domain Name System (DNS) is a critical component of the Internet infrastructure. The DNS associates user-friendly domain names (e.g., www.commerce.gov) with the numeric network addresses (e.g., 220.127.116.11) required to deliver information on the Internet, making the Internet easier for the public to navigate. The authenticity of the DNS data is essential to Internet use. For example, it is vital that users reach their intended destinations on the Internet and are not unknowingly redirected to bogus and malicious websites.
The DNS was not originally designed with strong security mechanisms, and technological advances have made it easier to exploit vulnerabilities in the DNS protocol that put the integrity of DNS data at risk. Many of these vulnerabilities are mitigated by the deployment of DNSSEC, which is a suite of Internet Engineering Task Force (IETF) specifications for securing information provided by the DNS.
A main goal of this action -- DNSSEC deployment at the root zone -- is to facilitate greater DNSSEC deployment throughout the rest of the global DNS hierarchy. While deployment of DNSSEC will protect Internet users from certain DNS-related cyber attacks, users must continue to exercise vigilance in protecting their information online.
The NTIA in the U.S. Department of Commerce serves as the executive branch agency principally responsible for advising the President on communications and information policies. For more information about the NTIA, visit www.ntia.doc.gov.
As a non-regulatory agency, NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. For more information, visit www.nist.gov.