It’s far too easy to hack the U.S. government, and the White House knows it. The Obama administration, after being embarrassed by a series of high-profile data breaches, announced this week that all government agencies have until Dec. 31, 2016 to encrypt their websites. They just need to fend off the intrusions between now and then.
"We are improving our defenses. They are improving their attack capabilities," said Rep. Adam Schiff, the top Democrat on the House Intelligence Committee. "And I think we have a lot more work to be done to defend ourselves but also to provide a deterrent because a good defense alone is not going to be enough."
Currently, only 41 percent of federal domains are encrypted, according to government figures.
The White House Office of Management and Budget has ordered all publicly accessible websites to use the HTTPS communication protocol. HTTPS essentially provides another layer of protection on top of the still more common unencrypted HTTP, better protecting the data transmitted between website owners and visitors. HTTPS also provides better privacy and prevents man-in-the-middle attacks, which occur when a website’s traffic is manipulated and an individual’s connection is rerouted without their knowledge.
“Unencrypted HTTP connections create a vulnerability and expose potentially sensitive information about those who use unencrypted federal websites and services,” the advisory stated. “This data can include browser identity, website content, search terms, and other user-submitted information. To address these concerns, many commercial organizations have already adopted HTTPS-only policies to protect anyone who visits their websites and uses their services.”
Whether HTTPS would have made a difference in the hack on the Office of Personnel Management (OPM), which affected at least 4 million federal employees, is unclear. But the Chinese hackers who accessed the OPM systems broke through four different “segments” of OPM’s security system, according to ABC News.
The breach is believed to have been detected more than a year after it began and was discovered only when OPM was updating its security infrastructure. It comes after hackers from various U.S. rivals infiltrated the White House Internet, the State Department’s email systems, a number of health providers and various little-known U.S. government agencies.
U.S. officials have all but admitted the wave of intrusions is unlikely to stop soon.
"I'm always concerned about China," said Rep. Elijah Cummings, D-Md., ranking member of the House Committee on Oversight and Government Reform. "We're going to have to realize the extent of what has happened, and we've got to do every single thing in our power to prevent this from happening and then we have to protect the people who already have [been affected]. So we've got work to do."