U.K. government websites undergoing security upgrade, to include HTTPS encryption

glitchy image of a lock

Remix via Max Fleishman Photo via Luke Jones / Flickr

Cybersecurity is taking high priority in the U.K.

The U.K. government’s web presence is set to undergo a cybersecurity upgrade this year.

By October, all government websites will be required to use HTTPS encryption with HSTS (Strict Transport Security) to protect against downgrade attacks that would bypass HTTPS.

HTTPS is a powerful tool that protects much of the information being traded between a person and the website they visit.

HTTPS encrypts a visitor’s connection to a website so that eavesdroppers can’t easily spy on her internet traffic, authenticates the website so she can be sure she is visiting the real site and not an imposter, and verifies the integrity of the website’s data.

For important websites, like those of government and businesses, HTTPS is increasingly the norm because normal HTTP websites can be spied on, modified, and impersonated.

The U.K. government is also pushing adoption of DMARC (Domain-based Message Authentication, Reporting & Conformance) to prevent use of a government domain by hackers aiming to phish victims using a trusted domain.

American government websites pushed to adopt HTTPS last year following the hack of the Office of Personnel Management, the largest breach in U.S. government history

The deadline for every U.S. government website to move to an encrypted connection is Dec. 31, 2016 but there’s a good chance the goal won’t be reached by then.

A public dashboard created to monitor progress states that only 45 percent of federal websites use HTTPS and that fewer still enforce that connection or protect against downgrade attacks.

H/T Tom’s Hardware

Layer 8
Russia lawmakers pass sweeping spying law that requires encryption backdoors, call surveillance
It's being called an 'anti-terrorism' bill—but it's much more.
From Our VICE Partners

Pure, uncut internet. Straight to your inbox.