On Jan. 20, the Center for Cybersecurity Policy and Law held an event with industry and government stakeholders to discuss the importance of securing the Domain Name System (DNS) to combat increasing global cybersecurity threats.

The discussion took place as the National Institute of Standards and Technology (NIST) prepares to release Revision 3 of Special Publication (SP) 800-81, Secure Domain Name System (DNS) Deployment Guide, which outlines best practices for organizations seeking to strengthen DNS security.

DNS is the system that translates human-readable domain names (e.g., centerforcybersecuritypolicy.org) into machine-readable Internet Protocol (IP) addresses (e.g., 99.83.190.102) that computers use to communicate. Since DNS underpins nearly all internal and external-facing networks, a cybersecurity incident affecting it can potentially halt an organization’s operations entirely and significantly extend its response and recovery timeline.

That same centrality, however, gives DNS strategic value when it is properly secured, enabling earlier detection of threats. The upcoming revision to NIST SP 800-81 reflects these advantages by emphasizing that DNS is not simply an IT service operating in the background; it’s now “a foundational layer of network security in zero trust and defense‑in‑depth security risk management approaches,” the SP states. 

The update provides practical guidance to help organizations implement secure DNS as part of a zero trust approach, strengthens cybersecurity resilience, and aligns with emerging international regulations, such as the European Union’s NIS 2 Directive. For more information about DNS security, read our DNS Security Primer.

The event featured remarks from Kevin Stine, Director of NIST’s Information Technology Laboratory (ITL). He highlighted the “gold-standard science” conducted by NIST and outlined four core pillars guiding the agency’s work, as set out in its September 2025 NIST Strategy for American Technology Leadership in the 21st Century:

  1. Accelerate Innovation in Critical and Emerging Technologies (CETs) of the Future
  2. Bolster American Leadership in Standards
  3. Accelerate the Commercial Adoption of U.S. Innovations
  4. Build 21st Century Research Infrastructure to Unleash CET Innovation

Stine emphasized that continued innovation by NIST and the broader scientific community depends on a robust and secure technical foundation, with secure DNS playing a critical role in enabling that foundation.

Stine also participated in a fireside chat titled Secure DNS as Foundational to Security with Ari Schwartz, Executive Director of the Center for Cybersecurity Policy and Law, and Scott Harrell, CEO of Infoblox, a company specializing in DNS security. During the discussion, Stine underscored the importance of NIST’s collaborations with industry to produce guidance that is relevant to practitioners. 

Harrell in turn expressed his strong support for NIST guidance because it helps organizations meaningfully improve security rather than providing a compliance checklist. He emphasized that NIST guidance carries “authority and credibility” and continues to be viewed and promoted by industry as the “gold standard.”

In discussing DNS security more broadly, Harrell highlighted the role DNS plays in implementing zero trust architectures. Enabling a device to connect to a server inherently introduces a level of trust, and DNS security helps identify and block malicious connections early. Harrell noted that because cyber adversaries often seek to maximize disruption by targeting mission-critical systems — especially platforms that host multiple critical components — NIST calls for “separation of duties,” with DNS running on dedicated, purpose-built infrastructure so that vulnerabilities in other software on the same system cannot be used to compromise its availability or integrity. 

Harrell also warned that artificial intelligence will increase both the scale and personalization of cybersecurity threats, enabling attackers to operate more efficiently and at greater volume. This shift, he argued, requires moving away from “reactive” defense models and toward “preemptive” approaches that equip defenders with tools capable of operating at the speed of AI-enabled threats.

In a session titled Deep Dive: The Three Pillars of SP 800-81, Scott Rose, a computer scientist at NIST, provided a detailed overview of key updates in the upcoming revision to NIST SP 800-81. He explained that it clarifies the distinct roles DNS plays across an enterprise and offers recommendations for protecting the integrity, availability, and confidentiality of DNS services. Specifically, it explains:

  1. The role DNS plays in supporting a zero trust architecture, such as serving as both a policy enforcement point (PEP) and a source for information when evaluating access requests.
  2. The role of hosting DNS information (authoritative DNS), including guidance on protecting the integrity and authenticity of DNS information using DNSSEC.
  3. The role of recursive DNS, including guidance on protecting the confidentiality of client DNS queries.

The event concluded with a session titled Policy Fireside: Federal Adoption Pathways, featuring Mike Duffy, Acting Federal Chief Information Security Officer (CISO) at the Office of Management and Budget (OMB), in conversation with Ross Nodurft, Senior Director of Cybersecurity Services at Venable LLP. Duffy discussed different federal agencies’ roles and responsibilities in cybersecurity policy and operations and outlined the process by which NIST guidance is operationalized across federal agencies. 

Duffy emphasized the importance of incorporating Secure DNS principles into organizations’ zero trust strategies. He also spoke about the importance of balancing centralized and federated deployment models for cybersecurity capabilities, noting that DNS security tools are well suited for centralized implementation, while capabilities such as endpoint detection and response are often more effective when deployed in a federated manner.

Adam Dobell & Luke O'Grady
