US government to make HTTPS a standard for all federal websites

9 Jun 2015

All US government websites are being instructed to implement the HTTPS security standard.

After a week that has seen 4m employees’ data stolen, as well as the US Army website defaced, the US Government is implementing a HTTPS-only standard for all federal websites and services.

A memorandum by the White House Office of Management and Budget – code-named M-15-13 – requires that all publicly accessible websites and services be available only through a secure connection.

The strongest protection currently available for public websites is HTTPS, or Hypertext Transfer Protocol Secure (HTTPS).

Last week, some 4m US government employees had their data stolen in an attack believed to have come from Chinese hackers. The Chinese government has vehemently denied any involvement.

Yesterday it emerged that the US Army’s public website was defaced by hackers, with the Syrian Electronic Army claiming credit for the attack.

“Data sent over HTTP is susceptible to interception, manipulation, and impersonation,” the memorandum read.

“This data can include browser identity, website content, search terms, and other user-submitted information.

“To address these concerns, many commercial organisations have adopted HTTPS or implemented HTTPS-only policies to protect visitors to their websites and services. Users of federal websites and services deserve the same protection.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years