|
RCBJ-Audible (Listen For Free)
 |
Recently Passed DOTGOV Online Trust In Government Act Sends Signal To Municipalities To Make Domains Safer
By David Carlucci
Many state and local governments operate official websites with .us, .com or .org domains but that will change as they opt for more secure and trusted .gov domains.
What should make this easier is the DOTGOV Online Trust in Government Act, a piece of legislation nestled into an omnibus spending and coronavirus pandemic relief bill Congress passed in December.
The law provides support services, security enhancements and outreach from the federal government to state and local agencies to get them to shift their domains to .gov. The law mitigates the costs of making the shift, which security experts agree is an essential element of improving internet security for government agencies.
The law’s passage was praised by the National Association of State Chief Information Officers, whose president, New Hampshire CIO Denis Goulet, said in a statement the “adoption of the DotGov domain is one of the simplest steps that governments can take to strengthen their cybersecurity posture and sends a message to the user that the domain is legitimate, secure and trusted. With rampant misinformation and disinformation campaigns from issues ranging from elections to COVID-19, it is paramount that citizens receive accurate and trusted information from government websites.”
Experts generally agree that the .gov domain is more secure and helps CIOs and CISOs make it more difficult for malicious actors and scammers to co-opt government websites.
According to a recently released report by McAfee, cybercrime costs the world economy more than $1 trillion, or just more than one percent of global GDP. Municipalities are increasingly becoming targets for a particular type of cybercrime called ransomware attacks; this is when a hacker takes hostage data of a municipality and demands a ransom payment to get the data back or even allow the municipality to regain access into their system. A report from Comparitech shows that cyberattacks cost local governments over $18 billion in recovery and downtime in 2020.
McAfee says “acquiring a .gov website name requires that buyers submit evidence to the U.S. government that they truly are buying these names on behalf of legitimate local, county, or state government entities,” adding that “the lack of .gov in a website name means that no controlling government authority has validated that the website in question is legitimate.”
The COVID-19 Pandemic has reinforced how essential a functional and accessible government website is. Law enforcement agencies from around the country have put out warnings to be on high alert for cybercrime.
Lack of .gov websites causes credibility issues for the local government and makes it unclear to residents which websites are legitimate. A government website with a .gov not only provides trustworthiness, it also is better able to protect against malicious email traffic and Domain Name System (DNS) hijacking.
The new Act transfers the .gov (DotGov) program’s responsibility from the General Services Administration to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). It authorizes the Department of Homeland Security to run the DotGov program and provide resources to expedite all governments to the DotGov program.
Also, the law permits Homeland Security Grant funds as an allowable expense for implementing the .gov domain. Freeing up grant funding to not further burden local property taxes is good news because we have much work to do right here in our community.
In Rockland County, we have twenty-five municipalities. Only three — the Villages of Suffern, Nyack, and South Nyack — have .gov websites.
Expeditiously integrating all of our government’s websites to .gov domains is a wise move and one that will save residents a great deal of money and heartache in the future. It may not be top of mind for residents or even government officials, but it should be because cyber attacks can be devastating events.
David Carlucci consults organizations on navigating government and secure funding. He served for ten years in the New York Senate