Security Compass

A report published by the Information Technology and Innovation Foundation (ITIF) in November 2017 found that 91% of the websites used to access US government information have substantial issues.

The report was based on an examination of 4500 sites from 400 domains, and the 500 most visited sites were included in the analysis.

In March of that same year, ITIF reviewed 300 of the most well-known sites.

The aggregate results highlight that US Government websites suffer from a variety of basic issues with speed and performance, accessibility, security, and mobile friendliness. A few of the security low-lights below show that numerous government websites are not up to standard.

Their security examination relied on just two criteria: DNSSEC and HTTPS usage. They found that:

  • Only 71% of the sites passed the SSL usage check, an increase from the 67% reported in March.
  • Even with SSL in place, deprecated versions of SSL, such as SSLv3, were found to be in use. This leaves government websites vulnerable to well-known cryptographic attacks such as POODLE and DROWN. A few sites were also not using perfect forward secrecy.
  • Only 80% of the sites were DNSSEC-enabled. This represents a decrease from 90% in March.

In short, the federal government's web technology systems are ripe for modernization. When sites do not pass even some of the most basic checks, it is a bit disturbing to consider the deeper security issues that may be lurking. Many of the issues identified could be tied to the complexity of the landscape, with multiple agencies being left to handle technology without the requisite enterprise architectural support and system standards. Simplification and standardization through a modernization initiative would go a long way toward solving at least some of these issues.