Government Lab Maps Safer Federal Web Sites

Sandia National Laboratories, a research arm for the Department of Energy, has created a tool to help federal agencies fight cyber-crooks.

The new web-based tool, a visualization tool called DNSViz, creates maps of various web addresses corresponding to agency websites. The visual display is intended to help government IT staff comply with security standards that have been in place since 2008 but that have proved difficult to implement. The federal government owns 1,489 government web addresses and an estimated 11,013 websites spread across 56 agencies, according to the General Services Administration. Since 2008, federal websites have been required to comply with a new Internet security standard, but the standard is hard for government IT staff to configure and maintain; in fact, a 2010 report by Internet consultant and service provider Internet Identity found that just 36% of federal agency domains had met their obligation. That means up to 64% of government sites could harbor security threats, or in some cases, be unavailable to users trying to visit them. The standard, called Domain Name System Security Extensions or DNSSEC, was introduced to address security loopholes that have allowed criminals over the years to quietly hijack web sessions, luring users to websites that mimic the look of the site the user originally intended, and then baiting users into sharing personal information such as social security or credit card numbers that could then be used or sold.