July 6, 2016 by

UK Govt Websites Switch to HTTPS Encryption


Come October, all Government Digital Services (GDS) websites will switch to mandatory HTTPS encryption. Some would say it’s about time too.

In a recent blog post, Dafydd Vaughan, technical architect at the UK GDS revealed that all government domains will use HTTPS encryption. Furthermore, the domains and all services will be required to publish a DMARC (Domain-based Message Authentication, Reporting and Conformance) policy that would be applicable to their email system.
Vaughan stated:
The service.gov.uk standards require all government services to run on secure connections, known as ‘HTTPS’. This type of connection makes sure user data is encrypted and stays secure while users interact with your service.
He also added that the services will mandatorily use HTTP Strict Transport Security (HSTS). The setting will ensure that modern browsers only use secure connections and information that will only be sent in an encrypted manner.
Furthermore, services that are only available via unsecured connections will no longer be supported by modern browsers after October 1. This forces a transition to more secure systems and the GDS has published guidance to help with a smooth transition. A guide on how to implement secure email practices including DMARC is also published and available online.
In no uncertain terms, Vaughan wrote:

Many services will collect personal information from users. It’s very important that this information can’t be intercepted by malicious third parties as it travels over the internet.

Therefore, all services accessed through service.gov.uk domains (including APIs) MUST only be accessible through secure connections. For web-based services this means HTTPS only (often referred to by the acronyms TLS or SSL, which both refer to the protocol underpinning these secure connections). Services must not accept HTTP connections under any circumstances.
The foray into implementing HTTPS encryption is a part of a wider global movement to embrace better encryption and security standards. Yahoo was among the earliest adopters among the traditionally big websites, switching Yahoo Mail to all HTTPS in October 2013.
Google is also among the flagbearers for the HTTPS standard, revealing that websites with HTTPS encryption will rank higher on its search pages.
Apple will be mandating that developers secure iOS apps with HTTPS from 2017.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Former Rutgers Student Pleads Guilty to Creating Mirai Botnet

A former Rutgers university student is among three men who pleaded guilty to creating the dreaded...

Read more arrow_forward

Hackers Invade Safety System of Critical Infrastructure Facility

Hackers, presumed to work for a nation-state, recently hacked a safety system belonging to a...

Read more arrow_forward

New Ransomware ‘Spider’ Threatens Wipeout in 96 Hours

A new strain of ransomware discovered by security researchers encrypts files and gives victims a...

Read more arrow_forward