In order to remove unnecessary barriers and reduce the credibility of malicious impersonation attempts, .gov domains are now available at no cost for qualifying organizations. Prior to the action, the price of .gov domains was $400 per year, a fee that has been felt most acutely by smaller municipalities and the election community.
The DotGov program, part of the Cybersecurity and Infrastructure Security Agency, operates the .gov top-level domain (TLD) and makes it available to U.S.-based government organizations, from federal agencies to local municipalities. CISA is part of the Department of Homeland Security (DHS).
“In conversations with current, former, and potential .gov registrants, one concern was raised above all others: the price of .gov domains, $400 per year,” a notice on the DotGov website pointed out. “Though .gov is like a gated community -- a digital space that’s only available to genuine U.S.-based government organizations -- government IT administrators have often found the higher price hard to justify to their management in the face of lower-cost alternatives, typically priced at less than $20 annually from other TLDs. This is felt most acutely by smaller municipalities and the election community.”
Since most other TLDs do not restrict who can obtain domains, “it can be hard to tell whether a non-.gov-using online service that purports to be from a government is genuine. That impacts the public, who may be susceptible to cybersecurity or other real-world harms related to impersonation attempts. Similarly, these attempts can be successful at impersonating government officials to other officials inside government.”
The notification about the price of .gov domains said that there has “perhaps never been a more important time for the public to know where to get official government information online.” Therefore .gov domains will be available at no cost for qualifying organizations, effective April 27.
“Now may be a good time for public power utilities to switch to the .gov domain given that there are services that are offered by DHS-CISA that protect these domains with federal cybersecurity resources,” said Nathan Mitchell, Senior Director of Operations Programs at the American Public Power Association.
Additional details are available here.
APPA also recommends:
Signing up for CISA’s Cyber Hygiene
CISA operates a network and vulnerability scanning service for government organizations called “Cyber Hygiene”. Cyber Hygiene provides regular reports to help secure internet-facing systems from weak configuration and known vulnerabilities, and encourages the adoption of modern security best practices.
For non-federal government organizations, consider joining the Multi-State Information Sharing and Analysis Center. MS-ISAC has been designated by CISA as the cybersecurity information sharing center for state, local, tribal, and territorial governments, and works to help ensure the resiliency of government systems.