A new report from the Information Technology & Innovation Foundation examined the security of 469 government websites, and found many missing key protections.
More than one third of US federal websites are missing a key security protection, according to a new report from the Information Technology & Innovation Foundation (ITIF), released Monday.
Only 36% of the 469 government websites studied passed the ITIF's tests for both Domain Name System Security (DNSSEC) and Secure Sockets Layer (SSL) certificates, the report found. DNSSEC is a set of protocols that improve the security of DNS, while SSL certificates are a foundational piece of HTTPS connections, the report said.
Breaking down the two tests, 88% of the websites had enabled DNSSEC, a two-point drop from the previously recorded 90%. The SSL test was passed by 71% of the websites, a jump from the 67% noted in the ITIF's initial report in March 2017.
The ITIF report also examined page-load speed, broken down into desktop and mobile page loads. On the desktop side, the report said, 63% of the websites passed the test for page-load speed, down from 73% in the first report. For mobile page loads, 27% passed the test this time around, down from 36% previously.
When considering mobile friendliness, 61% of the federal websites passed this test, the report found—up from 59% in the initial report. "Common problems included not using proper metatags to configure the website for mobile devices and links or buttons that were too small for easy use on mobile devices," the report found.
Accessibility was another issue that the ITIF report looked into. Of the reviewed websites, 60% were considered accessible for users with disabilities, the report found. Common accessibility issues could be bad contrast in the website design, poor labeling, and other factors.
When all four metrics (page-load speed, mobile friendliness, security, and accessibility) are accounted for, only 9% of websites performed well on all of them. That means that 91% of the federal websites studied failed in at least one metric test.
In the report, the ITIF encouraged federal agencies to "prioritize building and maintaining fast, convenient, secure and accessible websites." Doing so would "help ensure that the many Americans who routinely use the Internet to access government services and information can continue to do so," the report stated.
The ITIF offered more concrete steps to help solve the problems indicated by the report, including a website modernization sprint, implementing page-load speed requirements, requiring website analytics reports, and more.
The 3 big takeaways for TechRepublic readers
- Some 36% of US federal websites failed a test for either Domain Name System Security (DNSSEC) or Secure Sockets Layer (SSL) certificates, according to an ITIF report.
- When considering all four of the ITIF's metrics for design and development, 91% of the websites failed in at least one area.
- The ITIF recommended that federal agencies modernize their websites, put page-load speed requirements in place, and more to keep pace with innovation.