DHS will present its 2010 budget request before the Senate Committee on Homeland Security and Governmental Affairs today, including a reported $400 million to protect critical infrastructure and cyber networks from attack. $11 million of this was requested to fund DHS's Information Infrastructure Security (IIS) Program and Secure Protocol Project, including work on securing the Internet’s Domain Name System (DNS) and routing infrastructure. Despite the relatively small amount of funding, SPP work is intended to, and if successful could, have far reaching impact on the Internet.
According to DHS's Congressional budget justification (pg. 3057, warning 16.4 MB), its DNS security “activities focus on enabling all DNS-related traffic on the Internet to be compliant with the DNSSEC standard protocol that secures DNS communications.” In addition, DHS outlined what it believes it has accomplished so far and what it expects to do this year and next:
In FY 2008, within DNSSEC, the project completed the modification of end-user applications such as web browsers and e-mail clients to provide end-to-end security to assure authenticity and integrity of information; provide step-by-step operator guidance documentation for various operating environments, along with training, procedural, and development documentation, as well as executable software, patches, commented source code files, and packaging requirements; and developed and deployed a Public Key Infrastructure (PKI) [i.e., RPKI] with the American Registry for Internet Numbers (ARIN), which controls and allocates IP addresses for North America. In FY 2009, the project will deploy additional DNSSEC protocol and gather operational DNSSEC query data in an effort further analyzing DNS security, and initialize deployment within government networks.
In FY 2010, the project plans to conclude PKI deployment activities with global registries to enable effective and efficient connections between URLs; develop and deploy standards for secure routing; and gather operational DNSSEC query data to further analyze DNS security, and accelerate deployment of DNSSEC policies and technology.