Digital Innovation Hub Trakia /Cyber4All EDIH/ is the only Bulgarian participant in the Multi-Stakeholder Forum on Internet Standards Deployment – a special expert group coordinated by the European Commission and focused on the practical deployment of key Internet standards and best practices in support of Europe’s cyber resilience.
The Hub’s representative and Chairman of the Board, Dr. Hristian Daskalov, presented key developments from the Forum during the European Cyber Resilience Workshop, organised by Whalebone in Brussels in collaboration with GIZ (The Deutsche Gesellschaft für Internationale Zusammenarbeit), European Cyber Security Organisation (ECSO) and Czechtrade . His presentation focused in particular on the work of the DNS Security Work Stream, one of the main areas of the Forum’s activity.
The Multi-Stakeholder Forum on Internet Standards Deployment brings together representatives of industry, technical communities, public authorities, network operators, vendors and other stakeholders. Its purpose is not to create new technical standards, but to help bridge the gap between existing Internet standards and their practical deployment by organisations across Europe.
This role is particularly important in the context of NIS2, where many essential and important entities are expected to apply appropriate technical, operational and organisational measures for network and information security. In this environment, the challenge is not only to identify relevant standards, but also to determine which practices are realistic, proportionate and applicable to different types of organisations.
DNS security as a practical layer of cyber resilience
DNS – the Domain Name System – is often described as one of the core layers of the Internet. It allows users and systems to translate human-readable domain names into the technical addresses and records needed for digital services to function.
At the same time, DNS has become a critical cyber-resilience issue. If DNS is manipulated, unavailable or abused, users may be redirected to malicious infrastructure, essential services may become unreachable, and organisations may lose visibility over important security signals.
During the Brussels workshop, Dr. Daskalov presented the current direction of discussions in the DNS Security Work Stream, including the need to structure DNS security around several complementary dimensions:
- integrity and authenticity, including the role of DNSSEC;
- confidentiality and privacy, including mechanisms such as DNS over TLS, DNS over HTTPS, DNS over QUIC and QNAME minimisation;
- resilience and anti-abuse measures, including DNS Cookies, serve-stale mechanisms, redundant DNS infrastructure, monitoring and error reporting;
- role-based operational practices for authoritative DNS providers, recursive DNS operators and organisations relying on internal or third-party DNS infrastructure.
A key message of the presentation was that DNS security cannot be reduced to one single measure. DNSSEC, for example, is essential for validating the authenticity and integrity of DNS data, but it does not encrypt DNS queries and does not replace abuse prevention or operational monitoring. Similarly, encrypted DNS improves confidentiality, but it does not by itself protect users from malicious domains.
DIH Trakia supports Protective DNS as a key resilience best practice
Digital Innovation Hub Trakia is a strong proponent of the Protective DNS approach and believes that it should find a clear place in the future DNS security guidelines developed through the Forum.
Protective DNS uses the DNS layer as a practical security control. It can help prevent users, systems and organisations from connecting to known malicious, suspicious or high-risk domains associated with phishing, malware, ransomware infrastructure, botnets or command-and-control networks.
Importantly, Protective DNS should not be understood simply as “DNS blocking”. Blocking or filtering is only one enforcement mechanism. In a broader sense, Protective DNS combines threat intelligence, policy controls, logging, monitoring, alerting and response capabilities in order to reduce exposure to malicious online infrastructure.
This makes it especially relevant for public authorities, SMEs, regional organisations and sectors with limited cybersecurity capacity. For many such organisations, Protective DNS can provide a scalable and cost-effective layer of protection without requiring complex internal security operations.
“DNS security is a practical example of how Europe should approach cyber resilience – not only through regulation and abstract requirements, but through deployable technical practices that organisations can understand and implement according to their role and capacity. Protective DNS is one of these practices. It is scalable, operationally useful and highly relevant for protecting public institutions, SMEs and citizens,” said Dr. Hristian Daskalov, Chairman of the Board of Digital Innovation Hub Trakia.
Bulgaria’s voice in the European discussion
As the only Bulgarian participant in the Multi-Stakeholder Forum on Internet Standards Deployment, and the only digital hub represented among 200+ hubs across Europe, DIH Trakia brings the perspective of both the Bulgarian innovation, SME and cybersecurity ecosystem,as well as the perspective of the pan-EU EDIH ecosystem, into a highly relevant European policy and standards discussion.
The Hub’s participation is also closely aligned with its broader mission: to help organisations in Bulgaria and the region understand, adopt and benefit from European cybersecurity, digital transformation and resilience practices.
Through its work in the Forum, DIH Trakia will continue to support guidance that is not only technically sound, but also practically usable by different categories of organisations – including SMEs, public institutions, digital service providers, regional ecosystems and entities with limited internal cybersecurity resources.
The main message from the Brussels workshop is clear: Europe’s cyber resilience depends not only on advanced technologies and regulatory frameworks, but also on the secure deployment of the basic layers of Internet infrastructure. DNS is one of these layers. For this reason, DIH Trakia believes that Protective DNS should be recognised as an important, practical and scalable best practice for a safer and more resilient digital Europe.
