White House Orders All Federal Sites Go HTTPS By the End of 2016

wk1003mike/Shutterstock.com

Today, most of the federal government's roughly 1,200 websites use HTTP technology, which exposes website content, browser format, search terms and other user information to eavesdroppers.

In a bid to close potential vulnerabilities in the government's Web presence, the White House is mandating every public federal website switch to a more secure Internet connection standard within about a year and a half.

The connection technology, Hypertext Transfer Protocol Secure, provides site visitors more privacy and confidence they are looking at official government websites. The secure protocol also prevents a lot of Web surfing behavior from being watched or toyed with.

Come Dec. 31, 2016, every public federal site must be protected with HTTPS.

Today, most of the federal government's roughly 1,200 websites use HTTP technology, which exposes website content, browser format, search terms and other user information to eavesdroppers.

Anyone observing the network, including an employer or Internet service provider, can see what topics a computer user is interested in. Or instead of just watching traffic, the interloper could redirect the user to fraudulent content. 

HTTPS cannot protect Web servers and other networking systems from being hacked, however. For example, HTTPS would not have stopped self-described Syrian government backers from defacing the official website of the U.S. Army earlier Monday. In that instance, Syrian Electronic Army hacktivists broke into a military contractor’s system and posted a message reading, "YOUR COMMANDERS ADMIT THEY ARE TRAINING THE PEOPLE THEY HAVE SENT YOU TO DIE FIGHTING."

The White House rule will eliminate the burden of deciding what Web content is sensitive enough to merit HTTPS protection and ensure stronger privacy governmentwide, federal Chief Information Officer Tony Scott said in a blog post.

"With this new action, we are driving faster Internetwide adoption of HTTPS and promoting better privacy standards for the entire browsing public," he said. 

The transition to the new format will take elbow grease and money, officials acknowledged. Manual work often is required to transition sites with external images, scripts and fonts that aren't secure, for example. 

The public can see which dot-gov websites are protected with HTTPS by checking an official government website, Pulse, that launched last week. CIA.gov, FTC.gov and HealthCare.gov were early converts to HTTPS. To date, about 160 government sites default to the secure protocol. 

There also is a HTTPS help website for federal web managers.

HTTP sites “will not keep pace with privacy and security practices used by commercial organizations," the HTTPS regulation states. "This leaves Americans vulnerable to known threats, and may reduce their confidence· in their government."

The White House Office of Management and Budget in March first proposed HTTPS requirements. 

(Image via wk1003mike/ Shutterstock.com)

NEXT STORY: RIP, HTTP