Following hacks on the IRS and the OPM, the government has decided that all public federal agency websites and services will be moving to HTTPS only.
A memorandum was issued Monday by federal CIO Tony Scott to all federal agencies regarding the change. Moving forward, all current and future sites will be switched to HTTPS by December 31st, 2016.
HTTPS is a communications protocol that secures communications over a network, most often the internet. It is achieved by layering the Hypertext Transfer Protocol (HTTP) on top of the SSL or TLS protocol.
“The unencrypted HTTP protocol does not protect data from interception or alteration, which can subject users to eavesdropping, tracking, and the modification of received data. The majority of Federal websites use HTTP as the primary protocol to communicate over the public internet,” the memorandum explains. “Private and secure connections are becoming the Internet’s baseline, as expressed by the policies of the Internet’s standards bodies, popular web browsers, and the Internet community of practice. The Federal government must adapt to this changing landscape, and benefits by beginning the conversion now.”
Notably, they are not requiring HTTPS on their intranets. So the government has finally figured out what most of the U.S. realized a while ago, and yet it still doesn’t understand that the biggest security threats come from the inside.
Why would they secure public sites and not the internal network where highly sensitive data is kept?
For information on how you can prevent your organization from being breached, visit www.miltonsecurity.com or call 714-515-4011.