The U.K. government’s web presence is set to undergo a cybersecurity upgrade this year.
By October, all government websites will be required to use HTTPS encryption with HSTS (HTTP Strict Transport Security) to protect against downgrade attacks that would bypass HTTPS.
HTTPS is a powerful tool that protects much of the information exchanged between a person and the website they visit.
HTTPS encrypts a visitor’s connection to a website so that eavesdroppers can’t easily spy on her internet traffic, authenticates the website so she can be sure she is visiting the real site and not an imposter, and verifies the integrity of the website’s data.
For important websites, like those of government and businesses, HTTPS is increasingly the norm because normal HTTP websites can be spied on, modified, and impersonated.
The U.K. government is also pushing adoption of DMARC (Domain-based Message Authentication, Reporting & Conformance) to prevent use of a government domain by hackers aiming to phish victims using a trusted domain.
American government websites pushed to adopt HTTPS last year following the hack of the Office of Personnel Management, the largest breach in U.S. government history.
The deadline for every U.S. government website to move to an encrypted connection is Dec. 31, 2016, but there’s a good chance the goal won’t be reached by then.
A public dashboard created to monitor progress states that only 45 percent of federal websites use HTTPS and that fewer still enforce that connection or protect against downgrade attacks.
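The three measurements the dashboard reports (uses HTTPS, enforces it, protects against downgrade) can be told apart from a site's responses. The sketch below is an added example, not the dashboard's own code; the tier names, the observation fields and the `.example` hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797; None if unusable."""
    policy = {"max_age": None, "include_subdomains": False}
    seen = set()
    for part in (value or "").split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if not name:
            continue
        if name in seen:  # a repeated directive invalidates the header
            return None
        seen.add(name)
        if name == "max-age":
            if not (arg.isascii() and arg.isdigit()):
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy if policy["max_age"] is not None else None

def classify(obs):
    """Map one site observation to a tier (tier names are this example's own)."""
    if not obs["https_ok"]:
        return "no-https"
    target = urlsplit(obs.get("http_location") or "")
    if obs.get("http_status") not in (301, 302, 307, 308) or target.scheme != "https":
        return "https-available"   # HTTPS works, but plain HTTP is still served
    # Browsers honour HSTS only when it arrives over HTTPS; max-age=0 clears it.
    hsts = parse_hsts(obs.get("https_hsts"))
    if hsts is None or hsts["max_age"] == 0:
        return "https-enforced"
    return "hsts"

# Constructed observations (hypothetical hosts, not real scan results).
SAMPLES = {
    "a.example": {"https_ok": False},
    "b.example": {"https_ok": True, "http_status": 200},
    "c.example": {"https_ok": True, "http_status": 301,
                  "http_location": "https://c.example/", "https_hsts": "max-age=0"},
    "d.example": {"https_ok": True, "http_status": 301,
                  "http_location": "https://d.example/",
                  "https_hsts": 'max-age="31536000"; includeSubDomains'},
}

def tally(samples=SAMPLES):
    return {host: classify(obs) for host, obs in samples.items()}

if __name__ == "__main__":
    for host, tier in tally().items():
        print(f"{host:10} {tier}")
```

Only the last tier resists a downgrade: a site that merely redirects still receives the visitor's first request over plain HTTP, where it can be intercepted before the redirect arrives.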
H/T Tom’s Hardware