cyber
TRENDS
Protective DNS provides a scalable preventative control that can stop threats before they reach end-users or users.
• Architecture and infrastructure design
• Availability and resilience engineering
• Data integrity and trust( e. g. DNSSEC)
• Privacy protections( e. g. encrypted DNS)
• Threat detection and prevention( e. g. Protective DNS)
• Operational visibility and governance
In other words, DNS security is not something that can be bolted on.
This shift is particularly important in the context of evolving regulation. Increasingly, regulators are focusing on outcomes: resilience, risk reduction and service continuity rather than box-ticking exercises.
Organisations that rely on partial or superficial controls will struggle to demonstrate those outcomes.
To meet both the spirit and the letter of emerging requirements, organisations must adopt a holistic view of DNS security, one that aligns with the breadth of guidance outlined in SP 800-81r3.
Regulation is catching up
If organisations have not yet prioritised DNS security, regulation may soon force the issue.
In the United Kingdom, the proposed Cyber Security and Resilience Bill signals a significant shift in how cyber-risk will be regulated, particularly for critical infrastructure and essential digital services.
As this framework evolves, it is expected to drive more detailed technical expectations for organisations operating critical services. Given the central role DNS plays in those systems, it is difficult to envisage a scenario where DNS is not explicitly addressed and where globally recognised best practices such as those outlined in NIST SP 800-81r3 are not reflected in future guidance.
More broadly, there is a growing opportunity for regulators globally to align around common frameworks like SP 800-81r3. Doing so would bring:
• Consistency across jurisdictions
• Clarity for organisations navigating compliance
• Stronger security and resilience outcomes at both technical and business levels
A critical moment for re-evaluation
The release of SP 800-81r3 should serve as a clear signal: now is the time to re-evaluate your DNS security strategy.
The European Union’ s NIS2 Directive explicitly references NIST SP 800-81, cementing its position as the global benchmark for DNS best practices. This has significant implications:
• Over 180,000 organisations fall within the scope of NIS2
• DNS will need to be addressed as part of cybersecurity and resilience strategies
• National regulators are likely to adopt and enforce these best practices
And this is just the beginning.
Organisations need to ask themselves:
• Do we have visibility into DNS activity across our environment?
• Are we leveraging DNS as a proactive security control?
• Is our architecture aligned with modern best practices and emerging standards?
• Are we prepared for regulatory expectations tied to DNS resilience?
For many, the honest answer will be‘ not yet’.
NIST SP 800-81r3 is more than just an update. It is a reset moment for how organisations think about DNS. It highlights a reality that can no longer be ignored:
• DNS is foundational to cybersecurity
• DNS is critical to cyber-resilience
• DNS will be central to the future of Artificial Intelligence-driven networks
Organisations that act now can turn DNS into a strategic advantage. Those that do not may soon find themselves catching up under pressure from regulators or worse, in response to an incident.
54 WWW. INTELLIGENTCISO. COM