New Rules: Feds Mandate HTTPS on U.S. Government Sites

Created on Jun 16 2015, 4:06 PM by Tiphany Zellers

Have you read the news lately? It seems like hardly a week can go by without another data breach happening.

In the past few years, cybercriminals have upped their game considerably, using incredibly sophisticated attacks in growing numbers. Out of every six large companies, five were targeted last year for attack—that’s a 40% increase over 2013.*

The recent breach of federal employees’ private data, allegedly from China, only underscores the continued looming menace cybercriminals present—and this threat hasn’t gone unnoticed by the feds.

In a January 12 post on the White House Blog, President Obama is quoted as saying: “This is a direct threat to the economic security of American families, and we’ve got to stop it.” He further added, “If we’re going to be connected, then we need to be protected.” So true! And that line of thinking is what prompted the U.S. government’s latest move.

To help combat these attacks, the White House has mandated that all public-facing Web sites of the federal government must implement HTTPS within the next two years.

This is no minor security update. It carries far-reaching implications that extend beyond the fed. Here’s what we mean.

What HTTPS Offers to Everyone

HTTPS provides a secure line of communication over the Internet, combining the usual HTTP (Hypertext Transfer Protocol) that you see in the address bar of unsecured sites with SSL (Secure Sockets Layer), which you’re likely to see on most sites involving financial transactions.

This federal move shouldn’t come as a surprise, as the majority of U.S. government sites have already made the switch to the secure protocol. These range from whitehouse.gov, which made the switch on March 11, 2015, to other federal sites that made the jump earlier, like ftc.gov, donotcall.gov, and others.

This goes beyond the initial site communication handshake—drilling down to subdomains, like examplesection.whitehouse.gov, too.

Up until now, many government sites have been current with NIST-recommended SSL standards, but the administration has now moved to make prioritizing security and privacy a common practice across all aspects of federal government sites.

Make no mistake about it, this is huge!

These extra security measures follow the Always On SSL tenets advocated by the Online Trust Alliance, exhibiting some of the strongest moves yet to protect the identity and personal information of U.S. citizens online.

Others Must Follow, Strengthening the Security of the Web

Cybercrime isn’t going to easily back down.

Now, it’s far too easy to compromise private information on sites with subpar security. Today’s cybercriminals are smart and tenacious. By protecting all aspects of a site with SSL—not just transaction pages—businesses can help quell social engineering techniques. These complex ruses can now fool even the savviest netizens into handing over their private information to the bad guys.   

Nothing is 100% unhackable now and forever. But just like locking your car doors when you’re out, providing as much security as possible is still a great idea! By expanding the coverage of SSL, we help further the strength and backbone of the Internet itself.

*2015 Internet Security Threat Report, Volume 20


Comments

  • 0

    It seems like this should have happened a while ago but it's good to see that this has at least finally been implemented.  Good read!