I was looking at the whitehouse.gov website recently, which I peek at from time to time to check on how the US president is doing. Then I noticed the site was WordPress based. Not the best choice, I thought, but one would think that the POTUS knows better than me. And if he doesn’t, there’s the whole department of Homeland Security to ready-up a fail-safe method to link the president and the general public digitally.
Being the tech enthusiast and a programmer that I am, a couple of quick cross-comparisons later, I find that the white house government site and other sites of Prime Ministers and Presidents around the globe. And how worried they are about cybersecurity, optimization, and user experience.
Whitehouse.org holds information about legal documents and official briefings, but it’s also the place where every US citizen can come by if they wanted to pose a question to the head of the USA. Considering the delicacy of this interaction and the potential traffic volume and underlined security issues, you would think this website has the topmost security that present technology can provide.
Interestingly, the white house website is not the only official site with vulnerability issues. The site dedicated to the Russian president does not even have an SSL certificate, and neither does the German equivalent (bundespraesident.de).
Although the Russian government IT specialists optimized Kremlin.ru for fast loading speed, the presence of definite hints about present security issues is a bit disturbing. This lack of input data security means that all the information you are required to submit on-site during an inquiry remains unprotected. This neglect is aiding the wrongdoers who undoubtedly are checking this domain activity, typically looking for less obvious opportunities for cyber-security breaches.
Hackers can use minor security flaws to leverage sophisticated plans for further damage, all starting with identity theft or a small breach in privacy protection protocols. And since this is a well-known domain name, the number of potential hackers probing around at any given time is alarmingly high. These conditions suggest that the government maybe is deliberately discouraging any dialogue between the people and their official representatives. It seems that the Government cybersecurity work towards increasing chances for something to go wrong through deliberate negligence.
A quick glance at Asia shows that this problem is not country-based. The Chinese equivalent of the whitehouse.gov has the SSL in place, unlike kremlin.ru. However, the security protocol there does not offer complete protection, and your browser transmits a polite warning.
It’s mind-boggling why these high traffic websites have neglected adhering to even basic security protocols. Looking at these preliminary causes for concern, one begins to wonder the security protection of country subjects is the government’s top priority. Governments create images of themselves for being the respectful protector of their people and should exude, at least, a high sense of security and vigilance. Yet, they don’t. We wonder why.
Security problems put aside, official government sites are the ones that will benefit the most from implementing new techs like PWA. Here’s why.
PWA provides the rich experience, usually related exclusively with native apps, and designed to benefit users with weak network connection or device capabilities. The standalone nature of the PWA framework is intended to be all-inclusive, and facilitate heavy traffic, where every visitor connects seamlessly and receives top user experience.
Official Government sites should benefit from the fact they could use functionalities innate to native apps and enjoy the level of influence only web apps can provide. This unique combination of capabilities and reach is what defines PWA – it combines the best perks of Native and Web Apps.
You would think that similarly to how the Internet itself came to be, PWA is a brand new tech that official governments will first use and later extend to the general public. Ironically, it is private entrepreneurs who are concerned with cybersecurity, not the supreme country rule-making body, namely the government. While this technological marvel is assisting businessmen from all walks of life, there is a missing motivation factor when it comes to seeing such top-notch security protocols being followed at the authoritative level.
A lot of official sites are refusing to adopt PWA and security protocols – what should have been their signature move. When you dive into the possible causes for averting such a critical step towards data protection and overall IT security, there isn’t any rock-solid culprit because PWA isn’t known to drill holes in the pockets in terms of adoption costs. As business organizations of seemingly low revenue levels indulge in advanced security mechanisms, it becomes all the more imperative for government bodies to pay heed.
Preventing official government websites from a cyber attack should be on the lookout for tech enthusiasts prevailing in the higher management levels. However, if relatively small companies are investing religiously in PWA and similar security tech, what could possibly be stopping government sites from following the same footprints? It must be embarrassing for a country to get its website hacked by a trivial hacker group sitting at some distant corner of the world, buried in VPNs and encrypted servers. Apart from the sheer global embarrassment, such a cyber attack would also bring a considerable amount of public distress and a lack of faith in national security. After all, everyone looks upon these platforms to inculcate how robust the IT infrastructure of the nation actually is.
All in all, it seems a no-brainer to integrate PWA in an array of government websites, and the initiate must witness its outburst in our country itself. It’s high time the world needs to see a World Wide Web that is virtually devoid of cyber attackers who could make their way past security protocols.
It can’t be stated for sure whether the government will look into these loopholes and fix them while there’s still time. However, this comes out an eye-opener for everyone who thinks government sites entail the same Z-level security that their physical counterparts do.
Andreas Maier, CEO
Andreas is a result-oriented CEO who brings nearly 30 years of experience gained in the high-tech industry. His experience ranges up to leading positions in Fortune 100 companies such as rentalcars.com (PCLN) or Intrasoft International, a leading EU based R&D software vendor. He holds a Ph.D. in Neural Networks from the University of Cologne, Germany.
In the past Andreas has successfully founded and co-founded several startups among others XXL Cloud Inc., eShopLeasing Ltd, and WDS Consulting SA. His expertise is strongly focused on modern headless Commerce and the optimization of processes in IT ecosystems.