The US Department of Defense has issued a directive to move all publicly accessible Department of Defense web services from unsecured HTTP connections to more secure HTTPS connections with HSTS (HTTP Strict Transport Security) by the end of this year.
The concern was raised by Senator Ron Wyden, Democrat of Oregon, in a letter sent earlier in May this year to Dana Deasy, the Chief Information Officer of the US Department of Defense, seeking HTTPS certification for DoD websites.
Wyden raised several issues with the current condition of many of the publicly accessible websites of the Department of Defense.
He specifically pointed out that most of the DoD websites lacked proper HTTPS certification. Wyden pointed out that only a small number of DoD websites, such as the Army, Air Force and National Security Agency homepages, were implementing by default the HTTPS certification that is trusted by all the major web browsers.
Wyden mentioned that a number of websites from the Navy, the Marines and even one of the DoD's own websites lacked HTTPS certification. These sites still depended on the certificate provided by the DoD Root Certificate Authority to prove their authenticity.
Popular mainstream web browsers issue security warnings and force the user to navigate through them to reach sites with a DoD certificate. This creates a negative image among civilians as well as servicemen, who constantly have to face these security warnings to reach the web pages of the DoD's public resources.
Wyden mentioned in his email to Deasy that Google will start warning visitors to non-HTTPS websites that the sites are not secure. He emphasized that this will strongly impact the public's trust in the DoD's ability to take proper security measures against cyber attacks and security threats.
Wyden was concerned that the regular warnings issued by several web browsers will make the public numb to them, so that people treat them as irrelevant pop-ups to click through on the way to websites that lack security certificates. The lack of proper security certificates also increases the risk of being targeted by cyber crime and foreign government hacking.
Wyden urged the DoD to implement the following measures to solve the issue of HTTPS certification for DoD websites:
In reply to Wyden's letter, Dana Deasy mentioned that the Department of Defense (DoD) has already been working on the issue raised in the letter for the past several years. Deasy stated that implementing these capabilities has included infrastructure refresh and policy adjustments in the past 2-3 years.
Deasy said in reply that a Joint Force Headquarters-DOD Information Network (JTF-DoDIN) task order is the culmination of their preparation and mission analysis. This task force will implement the cyber security measures contained in Binding Operational Directive (BOD) 18-01, issued by the Department of Homeland Security. Deasy stated that the implementation of HTTPS with HSTS is targeted for completion by 31st December 2018.
The plan of action to be implemented by the DoD to secure its public-facing web and email services is already in motion and targets these goals to get HTTPS certification for DoD websites: