Critical Infrastructure is Under Cyber Threat – Can DNS Help?

The U.S. Department of Homeland Security (DHS) announced this week that it is creating a center to help private industry defend critical infrastructure.

Key takeaways

This key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

The Department of Homeland Security has created a center to help private industry defend critical infrastructure from growing cyberthreats, emphasizing that cyber risks now exceed physical terrorist and criminal threats. The article highlights DNS as a critical sensor for cybersecurity because 91% of malware uses DNS for command and control, making DNS management vital for controlling network access, IP assignment, and inter-device communication. By logging DNS requests, responses, and origin IPs and enforcing policies to block unwanted access, infrastructure providers can gain visibility into device intent and detect malicious patterns, reducing the attack surface and protecting systems like ATMs, the energy grid, water systems, and healthcare infrastructure.

Why is the Department of Homeland Security focusing on a new center for private industry to defend critical infrastructure?

DHS is focusing on a new center because cyberthreats to the U.S. have grown in breadth and frequency and now surpass many physical threats, according to Secretary Kirstjen Nielsen. The center aims to help private infrastructure providers prevent malicious activity that can cascade across sectors — for example, an attack on a single tech company could rapidly affect finance, energy, water, or healthcare. DHS wants to rethink homeland security to address interconnected digital risks and facilitate collaboration with industry using every tool available, including DNS-based security, to better protect national safety and stability.

How does DNS function as a sensor for cybersecurity teams protecting critical infrastructure?

DNS functions as a sensor by providing a record of every DNS request, response, and originating IP address, which gives cybersecurity teams visibility into the intent and behavior of devices on the network. Because 91% of malware uses DNS to establish command and control, monitoring DNS traffic helps identify patterns of malicious behavior and enables enforcement of policies to block unwanted access to sensitive data. Enterprise DNS management tools therefore allow infrastructure providers to log and analyze DNS activity to detect threats and reduce the available attack surface.

What operational impact can DNS-based security have on infrastructure like power grids or healthcare systems?

DNS-based security can materially reduce operational risk by improving visibility into how machines communicate and by preventing malicious actors from establishing command-and-control channels via DNS. By monitoring and logging DNS transactions and enforcing policies to block dangerous requests or unauthorized access, operators can detect and halt malicious patterns before they cascade across interconnected systems. For critical services such as ATMs, energy grids, water systems, and healthcare, this translates into stronger prevention of disruptions that could otherwise lead to widespread, unpredictable, and cascading consequences for national safety and stability.

With the threat of cyberattacks by foreign adversaries on our critical infrastructure ever-increasing, the U.S. Department of Homeland Security (DHS) announced earlier this week that it is creating a center to help private industry defend critical infrastructure against the next big attack. Homeland Security Secretary Kirstjen Nielsen said she believes that cyberthreats to the U.S. now surpass physical terrorist and criminal threats, adding that “the ‘attack surface’ in cyberspace is now broader and under more frequent assault.”

As the breadth and depth of cyberattacks continue to grow, DHS and the critical infrastructure providers it protects are looking for new ways to prevent malicious activity from occurring. Many are coming around to the use of DNS as a critical sensor for cybersecurity professionals to monitor and leverage.

DNS can play a critical role in protecting critical infrastructure and reducing the attack surface available to cybercriminals. 91% of malware uses DNS to establish command and control, making DNS fundamental to managing who gets on your network, how IP addresses are assigned, and how machines on your network communicate with each other.

Increased connectivity and digital dependence have led to a simultaneous increase in vulnerabilities that can have widespread, unpredictable, and cascading consequences when they are exploited. As Secretary Nielsen noted, “an attack on a single tech company, for instance, can rapidly spiral into a crisis affecting the financial sector, the energy grid, water systems, or the healthcare industry.”

This is why infrastructure providers are turning to DNS enterprise management tools as a way to monitor and log every DNS request, response, and originating IP address. This gives their cybersecurity teams visibility into the intent of every device and the tools to identify patterns of malicious behavior. Policies can then be set to block unwanted access to sensitive data.

Whether it’s ATMs or the power grid, securing critical infrastructure is crucial to maintaining national safety and stability. DHS is taking laudable steps to rethink the scope of “homeland security” in the connected era and facilitate collaboration with industry. They need every tool at their disposal – DNS-based security is one of them.


Hilary has worked as a copywriter in digital advertising and the FinTech startup world. She is now working as a Digital Copywriter at BlueCat and learning more every day.
