18F Editor’s note: This is a guest post by Karim Said of NASA. Karim was instrumental in NASA’s successful HTTPS and HSTS migration, and we’re happy to help Karim share the lessons NASA learned from that process. In 2015, the White House Office of Management and Budget released M-15-13, a “Policy to Require Secure Connections across Federal Websites and Web Services”. The memorandum emphasizes the importance of protecting the privacy and security of the public’s browsing activities on the web, and sets a goal to bring all federal websites and services to a consistent standard of enforcing HTTPS and HSTS.
Effective May 15, 2017, GSA’s DotGov Domain Registration Program will begin providing HSTS Preloading services for federal agencies. HSTS stands for HTTP Strict Transport Security (or HTTPS, for short). This new service helps ensure that visitor communication with .gov websites is not modified or compromised, and hostile networks cannot inject malware, tracking beacons, or otherwise monitor or change visitor interactions online. As part of this new service, any federal government executive branch .
The Information Technology & Innovation Foundation (ITIF) recently published a report, Benchmarking U.S. Government Websites, that looks at the performance, security, and accessibility of the top 297 government websites. ITIF is a think tank in Washington, D.C. whose mission is to formulate, evaluate, and promote policy solutions that accelerate innovation in technology and public policy. Over the past 90 days, government websites were visited over 2.55 billion times. According to the Analytics Dashboard, 43.
HTTPS is a necessary baseline for security on the modern web. Non-secure HTTP connections lack integrity protection, and can be used to attack citizens, foreign nationals, and government staff. HTTPS provides increased confidentiality, authenticity, and integrity that mitigate these attacks. In June 2015, the White House required all new federal web services to support and enforce HTTPS connections over the public internet, and for agencies to migrate existing web services to HTTPS by the end of calendar year 2016.
Federal agencies are required to make all federal websites accessible through a secure, HTTPS-only connection by the end of the 2016 calendar year. What you might not have known is that the switch to HTTPS will improve your ability to track which sites are directing web traffic to yours. Recently, a federal colleague reached out to a digital community about a huge jump in referrals from Wikipedia.org to a federal site in late February.
As we move into 2016, here are 10 trends I foresee flourishing around mobile, technology and government: The mobile-majority tipping point in government. Many agencies are already past this point, but as a whole, government websites are still desktop-majority, with 66% of people accessing federal websites via desktop and 34% on mobile. In 2016, the double-digit mobile growth will continue to accelerate and surpass 50% for almost all agencies. (Much of the Web passed this point last year or in 2014, btw).
2015 was a big year for 18F. We almost doubled in size, worked with 28 different agency partners, and released products ranging from Design Method Cards to cloud.gov. Internally, we improved onboarding and our documentation by releasing guides on topics as diverse as content, accessibility, and creating good open source projects. To mark the end of the year, we reached out to everyone at 18F and asked them to reflect on a meaningful project they worked on this year.
I always think of SEO like the dentist—no one really likes it, but you need to do it. Yet, despite my lack of excitement for the topic, this will be at a minimum my second post (here’s the first about the relationship between creating good content and SEO practices). Today I want to dive a little more into often overlooked aspects of the content creation process and overall content maintenance.
Following the recent OMB memo that all publicly available federal websites and Web services must implement HTTPS by December 31, 2016, Web content managers across government are considering the SEO (search engine optimization) implications of the transition, among other details. In August 2014, Google confirmed that HTTPS is a ranking signal in their algorithm. But being a ranking signal and having an impact on findability are two different things.
With the release of a new dashboard to measure best Web practices in the federal government and the establishment of a government-wide HTTPS Only Standard, the time to make the switch to HTTPS has arrived. Agencies have until December 31, 2016, to make the switch. The move to HTTPS is not only happening in government; it is also becoming the standard in industry. Firefox and Chrome have begun taking actions to phase out HTTP to make browsing more secure.
The U.S. federal government is launching a new project to monitor how it’s doing at best practices on the Web. A sort of health monitor for the U.S. government’s websites, it’s called Pulse and you can find it at pulse.cio.gov. Pulse is a lightweight dashboard that uses the official .gov domain list to measure two things: Analytics: Whether federal executive branch domains are participating in the Digital Analytics Program (DAP) that powers analytics.
Data. Security. Privacy. These are the cornerstones of many discussions concerning technology. The security of citizen information when interacting with the federal government will be increasingly important as we progress into the future. A few agencies have begun to use Hypertext Transfer Protocol Secure (HTTPS) in lieu of the standard HTTP. For these agencies, this transition to HTTPS is seen as a step in the right direction and is one way for the government to address the security of citizen information.
Data and code are the foundation, building blocks, and cornerstone of government digital services. They are the keys that open the door to a better digital government future and are fundamental in making government more open. No matter who you are or where you work in the federal space, data and code enable your projects to meet real needs. This month we’re featuring articles around the theme of data and code.