With the U.S. government falling victim to cyber attacks all over the place, it is finally making a move to do a better job of protecting itself.
That is why all publicly accessible Federal websites and web services can only provide service through a secure HTTPS connection, according to a directive from the White House Office of Management and Budget (OMB).
Unencrypted HTTP connections create a vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services. This data can include browser identity, website content, search terms, and other user-submitted information. To address these concerns, commercial organizations have already adopted HTTPS-only policies to protect visitors to their websites and services. This move will deliver that same protection to users of Federal websites and services.
All publicly accessible Federal websites must meet the HTTPS-Only Standard by December 31 2016.
OMB first proposed the HTTPS-Only Standard in March and requested comment from the public. During the feedback period, OMB’s proposal received numerous comments and suggestions from Internet’s standards bodies, popular web browsers, and concerned citizens. To assist with the conversion to HTTPS, technical assistance and best-practices for migration are available at this government website, which is open to contribution from technical experts around the world. A public dashboard is available to monitor progress.
HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves. It will not protect a web server from a hack or compromise, or to prevent the web service from exposing user information during its normal operation.
An HTTPS-Only standard, however, will eliminate inconsistent, subjective decision-making regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide.
It is critical federal websites maintain the highest privacy standards for the users of its online services. With this new action, the Federal government is going toward a faster Internet-wide adoption of HTTPS and promoting better privacy standards for the entire browsing public.