The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced it is retiring 10 Emergency Directives (EDs) issued between 2019 and 2024. The list includes high-profile mandates such as ED 19-01 (Mitigate DNS Infrastructure Tampering) and ED 20-03 (Mitigate Windows DNS Server vulnerability).
While these directives primarily target U.S. federal civilian agencies, the concept of retiring critical security mandates offers crucial governance lessons for the Web3 security landscape. Although decentralized protocols operate on blockchain technology, the surrounding infrastructure—node operators, API gateways, frontends, and developer environments—still relies on traditional operating systems, networking protocols, and DNS. CISA’s decision to ‘close’ these directives indicates that the required mitigation actions have been successfully deployed across the target population, and the immediate, emergency-level risk has been effectively reduced or eliminated.
Web3 organizations must adopt similar rigor in managing their security response lifecycle. When addressing urgent threats specific to decentralized infrastructure (e.g., critical vulnerabilities in client software or zero-day risks in essential dependencies), simply applying a hotfix is insufficient. Following CISA’s precedent, Web3 projects must establish a formal process to verify the persistent effectiveness of the mitigation, document the risk reduction, and formally ‘close’ the emergency status. The integrity of core Web3 services often hinges on the security hygiene of the underlying traditional IT components; failure to diligently manage infrastructure risks, such as DNS security, can lead to catastrophic exploits affecting wallets or centralized frontends.
Source: CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024
コメント