Federal Government websites have poor levels of encryption, independent audit finds

The vast majority of Federal Government websites have poor levels of encryption, putting the private details of taxpayers at risk, an independent audit finds.

An audit of the websites by two independent systems administrators found only four government websites out of more than 850 fully protected visitor communications.

The results have surprised other internet security experts who said the Government needed to beef up their levels of encryption.

Last year, while standing in Australia's new cyber security centre in Canberra, Prime Minister Tony Abbott announced Australia's internet security policies would be put under scrutiny.

The cyber security centre had been announced the year before by former prime minister Julia Gillard, who promised a "world class" facility to tackle a growing overseas cyber threat.

But it appears not all cyber issues are being looked at, as the two system administrators found when they reviewed the encryption capabilities of Federal Government websites.

After retrieving a list of more than 850 government domains via a Freedom of Information request, the pair scanned and reviewed the security of each of those websites.

They were looking for the basics, such as whether the site encrypted communications between the server and the user, similar to the way Twitter, Facebook or banks do.

And if they did provide encryption, the pair wanted to know if the sites used the latest software to protect against vulnerabilities or known weak encryption ciphers.

"Ninety per cent of the sites had no security at all," Ashley Hull, one of the those behind the security scan said.

Continued here:
Federal Government websites have poor levels of encryption, independent audit finds