Federally funded cybersecurity nonprofit the Center for Internet Security (CIS) — which has provided state-of-the-art cybersecurity policy and organizational benchmarks since the 1990s — has teamed up with the Cybersecurity and Infrastructure Security Agency (CISA) to pilot a Malicious Domain Blocking and Reporting Service (MDBR).
The MDBR program, which launched this week, promises to help participating governments block connections between their IT systems and malware-laden websites via a product from vendor Akamai.
Most ransomware is spread through links in phishing emails that connect an organization's network to malicious websites. With MDBR, however, domain name system (DNS) requests are channeled through Akamai servers, which then automatically compare requests against a list of known malicious websites to screen potentially harmful connections. Hypothetically, even if a public agency staffer clicked on a link to a malicious website, the system would be able to block access and prevent a network breach.
According to CIS, MDBR service will be available free of charge to participating members of CIS' Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). It is also easy to operate and requires no maintenance, as CIS and Akamai maintain all of the systems involved.
“MDBR is built on top of Akamai’s Enterprise Threat Protector (ETP) service, which is deployed on its platform that provides carrier-grade recursive DNS service," said Ed Mattison, CIS executive vice president of operations and security services, in a statement. "The Akamai Intelligent Edge Platform delivers up to 2.2 trillion DNS queries daily, making it a great partner for this initiative."
The rollout is part of a larger effort by CIS to build up state and local election infrastructure in the run-up to the 2020 presidential election. These efforts have also included increased collaboration with election offices, as well as the rollout of another pilot program based around endpoint detection and response for election infrastructure, which targets "smaller, less mature" election offices for better threat intelligence and information sharing.