According to a recent Federal Trade Commission fraud report, scams impersonating government officials saw a 15% rise last year, with the agency receiving 228,000 accounts of such fraud in 2023 alone. As online platforms become increasingly ubiquitous, the number of imposter scams is only expected to rise, prompting the Cybersecurity and Infrastructure Agency (CISA) to respond with a more aggressive push to transition all government websites to the trusted .gov domain. Solely reserved for government agencies, the domain serves as a clear marker of authenticity and helps combat misinformation.

After a brief hiatus at the end of 2023, CISA reopened .gov applications on January 31st, unveiling a modernized process aimed at decreasing the barrier to entry for organizations. With a significantly improved user experience, the revamped .gov registrar streamlines the application process and enhances accessibility for local governments. If the record-breaking number of applications reported by CISA for the first week of February is any indication, the new approach is set to increase adoption dramatically.

Why is .gov domain adoption important?

The top-level .gov domain is exclusively designated for government agencies to disseminate trustworthy information to the public. By harnessing this domain, governments can actively combat misinformation and spoofing, safeguarding the integrity of vital information. It plays a pivotal role in enhancing public trust in governmental institutions, offering citizens direct and unambiguous access to essential information, thereby fostering transparency and accountability.

Although the security advantages of a .gov domain aren’t inherently embedded within the domain itself, its utilization offers several security benefits. The stringent verification process required to obtain a .gov domain helps authenticate the legitimacy and authority of government entities, deterring malicious actors from posing as governmental institutions. The .gov domain also acts as a shield against domain spoofing and impersonation attacks, making it more challenging for threat actors to create fraudulent websites mimicking official government sites, thus reducing the risk of phishing and social engineering attacks.

In addition, government entities utilizing the .gov domain often implement robust security measures, from multi-factor authentication and advanced encryption to regular security audits, safeguarding systems from attacks. This comprehensive approach to security, combined with ongoing monitoring and incident response mechanisms, enhances the overall security posture of government entities and contributes to a safer digital environment.

Scaling Outreach Efforts for a Boost in Adoption

Historically, securing a .gov domain was exclusive to federal government organizations and came with a $400 price tag. However, since the management of the registry was transitioned from the General Services Administration to CISA in 2021, domains became free for eligible government entities, and the eligibility criteria have been expanded significantly as well.

As part of a strategic initiative aimed at scaling outreach efforts for the .gov transition, CISA enlisted Alexander McElya as Senior Analyst and External Communications Lead last year. His recruitment reflects CISA’s commitment to expanding and optimizing the digital presence of government entities across the United States.

Currently, one of CISA’s primary adoption objectives is to ensure that all the country’s top 100 most populated cities establish their online presence through a .gov domain. With just 10 cities remaining to achieve this milestone, concerted efforts are underway to facilitate their transition. Additionally, CISA aims to increase the number of counties utilizing .gov domains, with about 43% of U.S. counties currently represented in the registry.

A Streamlined Application Process

CISA has made significant strides in modernizing the .gov application protocol, streamlining it into a fully digital process that can be completed in 15 minutes—a stark contrast to the weeks-long wait times under the previous system. Without the need to mail official letters and secure signatures from the highest elected officials within government agencies, the new system accelerates the establishment of an official online presence for local governments.

The agency also broadened the scope of eligible staff members who can file the application. By expanding the definition of an authorizing official to include roles such as chief technology officer, city manager, or chief administrator, the agency has effectively decreased barriers to entry and reduced friction in the application process. This new approach ensures that individuals with significant executive responsibility can swiftly navigate the digital request process, eliminating unnecessary bureaucracy, and providing an efficient and accessible avenue for organizations to secure the .gov domain designation.

Nevertheless, the streamlined procedure maintains its commitment to security. Organizations are still required to respond to most of the same questions, and every request undergoes verification via Login.gov, bolstering the authority and reliability of the application process. By leveraging Login.gov, applicants undergo a simplified yet highly secure authentication process.

A Transition in Progress

According to a Government Technology analysis of CISA data, out of the 3,144 counties across the United States reported by the Census Bureau, 1,337 distinct U.S. counties are represented within the .gov registry. This signifies that approximately 43% of county governments have successfully completed registration for the .gov domain so far.

Regional disparities in .gov domain adoption reveal varying levels of digital engagement among U.S. counties. The Northeast emerges as the frontrunner in embracing the .gov domain, with 52% of counties utilizing it to establish their online presence. In contrast, the Southern region lags behind, with only 38% of counties leveraging the domain. The West and Midwest fall in between, with 45% and 44% of counties, respectively, utilizing .gov domains. These regional differences underscore the importance of targeted outreach and support initiatives to ensure equitable access to digital resources and facilitate greater online engagement across all regions of the United States.

Addressing Challenges

The disparity in .gov domain registration among counties reveals significant challenges, particularly for smaller jurisdictions. In 2020, less than a quarter of counties had successfully registered, with larger counties displaying a markedly higher adoption rate than those with smaller populations. These trends have continued into 2024. Statistics indicate that at least 62% of counties boasting populations of 500,000 or more have secured .gov domains, while a mere 27% of counties with populations of 10,000 or fewer have done so.

Smaller counties face numerous hurdles in the registration process, primarily stemming from limited technical capacity and expertise to navigate DNS-related resources effectively. To address this, CISA has slated the release of a prototype of its DNS hosting module in 2024, aiming to streamline the process and empower counties to manage their DNS records efficiently within a unified platform.

Beyond technical challenges, smaller countries also grapple with the financial burden of migration. While the .gov domain itself is free, the associated costs, including rebranding, public outreach, and collaboration with external IT experts, are not.

This is where the State and Local Cybersecurity Grant Program (SLCGP) comes in, aiming to increase .gov adoption by making migration mandatory as one of its core requirements and providing the necessary funding to do so. Launched in 2022, the SLCGP is an initiative aimed at helping eligible entities address cybersecurity risks and safeguard information systems operated by state, local, and territorial governments. The program provides $1 billion in funding over four years, enabling local governments not only to devise a cybersecurity roadmap but to fund its implementation as well.

A .gov domain instills credibility and trust in the information and services offered through official government channels, enhancing public trust in institutions. Despite the hurdles of migration, it is the most effective method to foster confidence in citizens regarding the authenticity and reliability of the information they encounter.

Ready to start your journey to establishing your .gov domain? Springbrook Software has assembled all the information you need in one place. Download our complete guide to acquiring a .gov domain here.