More than a third of U.S. federal websites are missing key elements of online security architecture, according to a report released Monday by the Information Technology & Innovation Foundation (ITIF).
Out of 469 government websites surveyed by ITIF, just 36% passed the tests for both Domain Name System Security Extensions (DNSSEC) and Secure Sockets Layer (SSL) certificates.
These two features are crucial elements of online security; without them, browsing can be insecure. “Federal government websites still require significant improvement,” the report said. “Doing so will help ensure that the many Americans who routinely use the Internet to access government services and information can continue to do so.”
DNSSEC lets a resolver verify that the DNS answers it receives for a domain are authentic, which prevents websites from masquerading as other ones, for example stopping sites that are trying to steal your data from pretending to be government websites. An SSL certificate is a data file that ties a cryptographic key to a website so that information sent between a user and that website is secure.
The report found that 88% of the websites had enabled DNSSEC, compared to the 90% reported in a smaller-scale test carried out by ITIF in March 2017. The SSL test was passed by 71% of the websites, an increase from 67%.
Last year, the Department of Defense announced it was recruiting hackers to help expose security flaws, in a programme it called “Hack the Pentagon.”