Domain Shift: Why Governments Are Rethinking Their Web Addresses

Domains like “.gov” are only available to US government entities and organizations, unlike “.com”, “.org”, or “.us”, which anyone can purchase. By transitioning to a “.gov” domain, counties can safeguard online services and foster greater public confidence.

The National Conference of State Legislatures (NCSL) hosted its annual legislative summit, convening the nation’s largest gathering of state legislators and legislative staff this August in Louisville. NCSL dedicated a full day of programming to AI, cybersecurity, and privacy discussions. Among the topics discussed, national cybersecurity experts piqued the interest of state legislators by presenting the case for all governments to have a “.gov” domain instead of “.org” or “.com”. Arguing that trust in government is increasingly vital in a technology-dominated society, as cyber-attacks and malware regularly occur. Local governments’ digital presence must be secure and credible. Switching to a “.gov” domain is a step counties can take to safeguard their online services while strengthening public trust.

Advantages of Transitioning to “.gov”

As misinformation and phishing scams grow more sophisticated, having an official “.gov” domain could help local governments stand out as trusted sources of information. Security is another significant benefit of switching to a “.gov” domain. Phishing attacks or impersonation schemes often target government organizations, and a “.gov” domain offers enhanced protection. This would be especially helpful for local election websites, which are increasingly tasked with countering false information by being easily recognizable as official and legitimate sources. According to CyberScoop, a warning in a Department of Homeland Security bulletin sent to state and local election officials back in 2020, the FBI discovered over 50 suspicious domains resembling legitimate election websites. Since “.gov” domains are tightly regulated, it is more challenging for malicious actors to replicate sites or lure visitors into engaging with fraudulent versions. This level of security is essential to protecting entities and communities from cyber threats.

From the Cybersecurity and Infrastructure Security Agency (CISA):

  • Multi-factor authentication is enforced on all accounts in the “.gov” registrar, which may not be the case for other commercial registrars.
  • “.gov” domains are ‘preloaded’, which requires browsers to use only a secure (HTTPS) connection with your website. This helps protect your visitors’ privacy and helps ensure the content you publish is exactly what’s received.
  • You can add a security contact for your domain, making it easier for the public to tell you about a potential security issue with your online services.

Reducing Barriers to Adopting “.gov” Domains

In 2019, acquiring a “.gov” domain cost an annual registration fee of $400, potentially creating a barrier for smaller, more rural counties and towns from considering adoption. With the establishment of the federal “DOTGOV Online Trust in Government Act,” the process transferred from the General Services Administration to the Cybersecurity and Infrastructure Security Agency (CISA). According to NCSL, the Act intends to make it easier for state and local government entities to use the domain for their official website. One of the first steps CISA took to reduce barriers and encourage county adoption, especially in rural counties, was to remove the annual registration fee. Counties can now get a “.gov” login for no cost.

In late 2023, CISA paused all domain requests to improve its internal domain application process. Applications reopened in January 2024 and have since received a record number of entities applying. The domain request process is now fully digital, an improvement from once requiring a signature from the highest-ranking official in the local government. The digital application is estimated to take about 15 minutes – again, a way to reduce the barriers to jurisdictions seeking to make this switch.

While the “.gov” domains are free, shifting to them isn’t completely so. Counties might need to update marketing materials, inform the public, and update their IT infrastructure, which can be expensive, particularly for small counties that may need to contract out IT services. In an effort to mitigate these concerns, counties can now use funds from the State and Local Cybersecurity Grant Program (SLCGP) to transition to a “.gov” domain. 

Approval Process for Attaining a “.gov” Domain

According to the .gov registry of the Cybersecurity and Infrastructure Security Agency (CISA), domain requests from counties must be approved by the commission chair or an individual holding a significant executive position within the county, such as a county judge, county mayor, parish/borough president, senior technology officer, or a comparable role. In some instances, other county-level officials like the county clerk, sheriff, auditor, or comptroller may also qualify.

You can learn more about transitioning to a “.gov” domain here. 

This article is part of MACo’s Deep Dive series, where expert analysts explore and explain the top county issues of the day. A new article is added each week – read all of MACo’s Deep Dives.