Domain Name Security Neglected by U.S. Energy Companies: Report

A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets.

The Biden administration is concerned about potentially damaging cyberattacks aimed at the country’s critical infrastructure, and it’s taking steps to help electric utilities, water treatment plants and other industries protect their systems.

Data collected by CSC last week shows that nearly 80 percent of the top U.S. energy organizations are at risk of cyberattacks targeting their DNS and internet domain names. The data covers the 30 biggest U.S. companies (by market capitalization) that produce and deliver energy.

Specifically, CSC found that nearly 80% of energy firms don’t use registry locks, which can prevent domain name hijacking and unauthorized changes to DNS. More than two-thirds of the analyzed domains are registered with consumer-grade registrars instead of enterprise-grade registrars, which typically provide better security.

The analysis also found that when it comes to DNS security, only 3% use DNSSEC, which provides cryptographic authentication and integrity to DNS data. Furthermore, only 17% use DNS hosting redundancy, which is a backup mechanism for DNS outages that can result from configuration errors, infrastructure failure, or DDoS attacks.

CSC has also looked at the use of the DMARC email authentication protocol and found that 73% of the top 30 energy companies in the U.S. have a DMARC record in place.

Organizations can set the DMARC policy to “none” to only monitor unauthenticated emails, “quarantine” to send them to the spam or junk folder, o ..
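An added example, not part of the original article or of CSC's methodology: a Python check that separates domains that merely publish a DMARC record from those whose policy is actually enforced. The domain names, TXT strings and function names are constructed for illustration; the `p` and `pct` tags and the single-record rule come from RFC 7489.

```python
import re
from collections import Counter

# Constructed sample: TXT strings as a resolver would return them for
# _dmarc.<domain>. The .example names are placeholders, not real companies.
SAMPLE_TXT = {
    "alpha-energy.example": ["v=DMARC1; p=reject; rua=mailto:d@alpha-energy.example"],
    "beta-power.example": ["v=DMARC1; p=none; rua=mailto:d@beta-power.example"],
    "gamma-grid.example": ["v=spf1 -all"],  # a TXT record, but not DMARC
    "delta-gas.example": ["v=DMARC1; p=quarantine; pct=50"],
    "epsilon-oil.example": [],
}
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt_records):
    """Return the tag dict of the one DMARC record, or None."""
    found = [t for t in txt_records
             if re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", t)]
    if len(found) != 1:  # zero or several records: no policy applies
        return None
    tags = {}
    for part in found[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Map a domain's TXT records to a DMARC posture label."""
    tags = parse_dmarc(txt_records)
    if tags is None:
        return "missing"
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid"        # receivers will not enforce this record
    if policy == "none":
        return "monitor-only"   # reports only, mail is still delivered
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return "partial"        # policy applied to a fraction of mail
    return "enforcing"

def summarize(txt_by_domain):
    """Return per-domain labels and the percentage publishing a record."""
    results = {d: classify(t) for d, t in txt_by_domain.items()}
    counts = Counter(results.values())
    with_record = sum(n for label, n in counts.items() if label != "missing")
    return results, round(100 * with_record / len(results))

if __name__ == "__main__":
    labels, pct_with_record = summarize(SAMPLE_TXT)
    for domain, label in labels.items():
        print(f"{domain:24} {label}")
    print(f"{pct_with_record}% publish a DMARC record")
```

A "has a DMARC record" count includes the `monitor-only`, `partial` and `invalid` rows, so the per-label breakdown is the figure to track when auditing your own domain portfolio.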