The Pentagon is considering whether to start protecting private-sector IT. Defense Deputy Secretary William Lynn made a speech at the Strategic Command Cyber Symposium, saying that Defense was considering whether to use Einstein 2 and Einstein 3 to help secure nationally-critical private sector systems like financial and utility systems. Lynn described a process where DoD would create a secure architecture and then private companies could opt in if they wanted to. He says it would build on the collaboration between the Pentagon and the defense industry. He referred to it as “secure-dot-com.”
Although the December 2009 deadline came and went, federal agencies are starting to accelerate adoption of internet domain name system security, or DNSSEC. DNSSEC is a standard method for encrypting information in the domain name servers scattered throughout the internet. DNS servers ensure that the words users type in their browsers actually take them to the intended web sites. Lacking security, the domain name servers are vulnerable to hackers who spoof web sites. According to Search Security.com, agencies are picking up the tempo in adopting DNSSEC by acquiring products and services that produce the encryption add-ons. One vendor reckons a third of federal agencies now have digitally signed their dot.gov sub-domains, up from only 20 percent six months ago.