Trump administration wants to enhance the security of .gov sites
The government hopes to strengthen defenses on all .gov sites to protect users
Hacking is more common than ever now, and government websites aren’t immune to it. In a blog post released this week, the Trump administration declared its intention to make all .gov websites more secure by way of increased encryption.
The post states: “Governments should be easy to identify on the internet and users should be secure on .gov websites.”
To that end, the government is urging all domain operators to add an extra level of security to their sites. Recently, websites have moved from HTTP to HTTPS, which adds a layer of encryption to protect visitors. While HTTPS has become the new norm for secure sites, it’s not perfect.
What the government is hoping is to get all websites with the .gov domain to adopt a higher standard that automatically encrypts the user’s connection. Defaulting to that type of encryption allows agencies to increase security across a number of domains.
A security process called preloading protects users from jumping to an unsecured HTTP website by stopping the browser from loading any HTTP site and requesting instead to be sent to an HTTPS site.
The DotGov program’s intention is to preload all .gov sites: “We believe the security benefits that come from preloading are meaningful and necessary to continue meeting the public’s expectation of safety on .gov services.”
To get to a point where all .gov sites can be preloaded, all sites need to obtain a certain level of security, which the blog post admits may take “a few years.” Starting September 1, all new .gov sites will be preloaded before release.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Security best practices for PostgreSQL
Securing data with PostgreSQLDownload now
Transform your MSP business into a money-making machine
Benefits and challenges of a recurring revenue modelDownload now
The care and feeding of cloud
How to support cloud infrastructure post-migrationWatch now