ACSC puts out call to build whole-of-gov DNS shield

The Australian Cyber Security Centre (ACSC) has requested vendor support to build out and deploy a new managed DNS (domain name system) layer to protect federal agencies.
 

The protective DNS layer will block known and likely malicious domains, filtering multiple “threat feeds” through an analytics engine.

The service will also provide up-to-date reports to the ASCS and select external partners, with the overarching goal of “[uplifting] the whole of Australia (sic) security posture by reducing the volume of known and likely malicious intrusions,” tender documents state.

Dubbed WINTEROSE, the DNS project has been declared a “strategic priority” by The Australian Signals Directorate (ASD), the ACSC’s parent agency.

Australia’s chief cybersecurity agency has approached the market directly to build out the defensive DNS service, mandating that any proposed solution provide coverage across all government agencies.

Currently, the Government has no centrally managed protective DNS capability.

“The ACSC currently has limited visibility of the government DNS environment and does not have a centralised, responsive method to identify and protect government agencies from malware using DNS as part of the compromise vector,” ACSC documents revealed.

The ACSC has proposed operating on-premise and with government ICT infrastructure, with personnel to be provided by the service provider.

The final service is expected to be up and ready by September, with a shortlist of prospective vendors to be released by late March.

An initial three-month pilot phase will involve 10 to 15 organisations to “determine the feasibility, costs and benefits of upscaling these efforts to protect all levels of Australian government and key systems, including critical infrastructure”.

A second proposed phase will scale the service “to all level of Australian government and key systems, including critical infrastructure”. This will also include the launch of an internet-facing self-service portal, which will allow users to sign up, configure, and receive reports on the service.