Introduced in 2019 by two Democratic and two Republican senators, the DOTGOV Act shifts responsibility for administering official Web domains from the General Services Administration to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). It also requires CISA to come up with an outreach strategy and offer resources to local governments looking to migrate to .gov domains.
One of the bill’s main proponents, the National Association of State Chief Information Officers (NASCIO), applauded the new legislation in a news release today as a cybersecurity measure for state and local government websites. NASCIO Director of Government Affairs Matt Pincus told Government Technology that a .gov domain is advantageous mainly because it signals to users that they’re dealing with a secure, legitimate website or email address — one that’s harder for scammers to co-opt and use to rip people off. The other benefit is for CIOs and CISOs, who have ever-increasing responsibilities for the security of their networks, as this is one small measure that could make their jobs easier.
Pincus was adamant that a .gov domain isn’t fraud-proof, but it’s an improvement over a .com address, and less than 10 percent of eligible governments have one.
“It’s definitely not an accident that DHS CISA felt this was an important thing to have under their purview,” he said. “It’s showing that website domain registration isn’t an IT issue, it is a cybersecurity issue.”
While all 50 states use .gov domains, local governments have been slow to adopt them. A review of available data in 2020 by Government Technology found that 22 percent of counties use a .gov domain, most of them larger counties. Pincus said some smaller jurisdictions don’t have the expertise for handling the transition process of password resets, changing points of contact for domains, two-step authentication, domain name system updates and other technical services, but GSA offered support for them, and CISA will do the same.
“One thing that we’ve heard a lot about is the 24/7 help desk that the .gov program office ran. Anything from technical assistance to patching, the GSA office did a great job of this,” he said. “These are all things that, at the state level, state IT agencies are more than equipped to do this, but when you’re talking about smaller local and municipals who don’t have a dedicated IT person, this is a game changer for them. They don’t have to worry about this. Everything is essentially automatic. They have a contact in the .gov office if they need someone or there’s an issue with their website.”
Another hurdle for .gov domain adoption has been a financial one. Pincus said it comes with an annual $400 registration fee, which some small jurisdictions find hard to justify when they can pay GoDaddy or another website registration service $10 for a .com address. The new bill aims to answer that with two changes: One is outreach, as GSA wasn’t mandated to proactively work with local governments on registering them for these domains. The other is by giving the CISA director — whom President-elect Joe Biden has yet to name — broad latitude to waive the registration fee.
“One of our goals, and the goals of the government associations that we partner with, is to make sure that CISA has an appropriations plus-up so that they can provide all funding to local governments that want to be on .gov,” Pincus said.
He said the fee will likely stay in place for state and federal agencies, but some hope to see the federal government fund registration cost for local governments.
Editor's note: This story has been changed to clarify that the bill in question was an omnibus spending bill.
