The American government, through the White House Office of Management and Budget (OMB), has finalized its strategy for adopting an HTTPS-Only Standard for all of its publicly accessible web services and federal sites. The strategy is meant to establish a robust new baseline for Internet security and user privacy across all government APIs and websites. It takes the form of a new formal memorandum to all executive agencies. The OMB opened the proposal to the public for comments and has so far received a great many of them. The US government is not the sole proponent of this strategy; other Internet bodies are also calling for an Internet that is encrypted by default. In fact, the Firefox and Chrome browsers, which carry the highest amounts of traffic, also support the idea of migrating from plain HTTP to HTTPS. This is how the US government is changing to HTTPS for improved Internet security.
The US government has come up with a memorandum that requires all federal agencies to deploy their domains according to a variety of guidelines. These guidelines are practical and reasonable for the efficient deployment of HTTPS. For newly developed sites and web services, the memorandum requires that all federal agency domains and sub-domains adhere to the policy. Existing sites are to be prioritized based on risk analysis. Sites that involve the exchange of personal information, identity, and other sensitive data, and those that experience high traffic levels, should migrate immediately.
The unencrypted HTTP protocol exposes user data to interception, alteration, modification, tracking and eavesdropping. A majority of federal sites in the US use the open HTTP protocol, which creates a privacy vulnerability by exposing visitors to Internet security threats. To address this, the US government wants such websites to adopt HTTPS-Only policies to protect the privacy of all visitors to their sites. The conversion is expected to begin now so that the sites can adapt to the fast-paced Internet security landscape. This proactive strategy will support broad adoption across the Internet as well as promote better adoption of privacy standards by federal sites.
The US government also requires federal agencies to make all existing sites and web services accessible via a secure Internet connection, i.e. HTTPS, by December 31, 2016. Intranets are also being encouraged to use HTTPS. So far, the government has come up with a public dashboard that will help monitor the progress of these sites in adopting HTTPS. According to recent reports, about a third of the sites have adopted HTTPS, although the degree of Internet security varies. The existence of the dashboard and of security grading suggests that federal sites looking to upgrade to HTTPS should aim for the top level of security. The OMB expects that the move will eradicate the common pitfall of inconsistency in deciding which content should be secured and which should not.
The OMB affirms that although adopting the HTTPS-Only Standard comes with a cost, that cost will be outweighed by the Internet security benefits it brings. The cost of procuring a certificate, coupled with administration and maintenance costs, will vary based on the technical infrastructure and size of a site. The timeline that the OMB has provided in the memorandum is enough for the responsible parties to adjust and adopt it.
All browsing activities by Internet users will be considered sensitive and private. This step is going to foster stronger privacy and improve the confidence of the people in their government. Perhaps there has been no consistency among most federal sites that use HTTPS, which leaves most Americans vulnerable to online threats. This step of providing a private browsing experience to the people will therefore position the government as the trusted leader in Internet security.