More than a third of government websites failed to meet the end-of-year deadline to set up secure domains, according to a report on Government Technology (GT).
All existing federal websites were mandated – under a June 2015 memo from Tony Scott, the U.S. chief information officer – to switch over to HTTPS by Dec. 31, 2016.
According to pulse.cio.gov, an official government site that gauges compliance to the memo, "HTTPS provides a secure connection across the internet between websites and their visitors, and is becoming the new baseline for public web services." The U.S. federal government is in the process of transitioning all its sites entirely to the more secure protocol.
However, at this time, the encrypted domain protocol has only been adopted by 800 sites, 69 percent of the total. That leaves around 345 federal government websites still unencrypted.
Among those are highly visited sites which pull in tens of millions of visitors each month, such as the National Oceanic and Atmospheric Administration, the Department of Veterans Affairs, the Census Bureau, and the Food and Drug Administration.
Security experts warn that the use of HTTP, rather than HTTPS, can put web visitors at risk as "unencrypted domains offer a way for hackers and bad actors to manipulate or steal...data," according to a document from the World Wide Web Consortium.