Thursday, January 07, 2021
New law aims to help local governments switch to more secure .gov URLs, including tech support and fee waivers
"Local governments are in line to get additional federal help shifting to web addresses that end in .gov under legislation that was part of the giant spending and coronavirus relief package President Trump signed into law at the end of the year," Bill Lucia reports for Route Fifty. "Many local governments around the country still rely on .com, .org or .us addresses. This can make it harder for online users to tell if they’re visiting an official government website, and it creates an opportunity for 'spoofing,' where bad actors create imposter sites."
Spoofing can create all kinds of problems for local governments, which are increasingly vulnerable to ransomware and hackers. "A fake government website might be used to point people to an incorrect polling place on election day, or it might falsely promise to register a person for a coronavirus vaccine appointment if they enter personal information, such as their Social Security number," Lucia writes.
The federal government administers access to the the .gov domain. Local government organizations can claim a .gov URL through the DotGov program for $400, but the cost can be a barrier for small governments, especially when it's far cheaper to buy URLs and hosting space elsewhere, Lucia reports. That's possibly why fewer than 10 percent of all eligible local governments have a .gov web address. Under the new law, the federal government may waive the fees. Also, local governments that move their websites to a .gov address will be eligible for federal grants to cover migration costs.
The new law transfers oversight of the program from the General Services Administration to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. It also calls on CISA "to develop an outreach strategy to support local governments in migrating to the .gov domain, and to provide technical information on how to make the switch," Lucia reports.
"It’s unlikely the URL will be a huge help when it comes to shielding localities against some of the serious cyberattacks they’ve faced in recent years, such as ransomware incidents. These episodes commonly arise from phishing, in which public employees are enticed to click on malicious links," Lucia reports. "But it would be possible for federal authorities to implement certain cybersecurity measures that would apply specifically to .gov websites, a potential benefit for local governments, especially those lacking information technology staff."