The White House’s Office of Management and Budget has released a new proposal that would bring all publicly accessible federal websites and web services under a secure web standard by default. The standard – https, essentially adds a layer of security to user’s normal browsing experience. CivSource recently moved to this standard as part of a range of security oriented changes, following a series of attempted but unsuccessful cyber attacks on our website.
Https is most commonly found on websites where users might submit personal information – think e-commerce or application sites for various services. But, https also ensures that when users to go a .com, .gov or other website they’re going to the real one and not a proxy. With https a users activity is also kept private.
When we made the decision to switch over, it was a no-brainer, but changing the culture of government even in the smallest sense is always an uphill climb. To that end, OMB has drafted a proposal which is available for public comment about the federal switch to https. Https isn’t a silver bullet by any means, there are still some very clear limitations. Https doesn’t make users computers anymore secure for example, but it’s a start in a more security oriented direction.
The proposal allows for a phased in migration to https in which all about to launch sites will have https by default, while those already online will be expected to move over to the standard within a certain amount of time.
The FTC has already made the move, which does come at an increased cost – namely the purchase of certificates that will allow for the https designation.
Even with the change management and cost considerations, the move is big news. In the era of government and corporate spying, the shift signals that browsing should be considered private. The initiative can also serve as a directive for state and local government, especially as cyber attacks on all levels of government increase.
The full proposal is here. Individuals have until the end of the month to comment.