recommended reading

Hacker Fears Have Frustrated Efforts to Downsize Dot-Gov Sprawl

Simon Booth/

Concerns about data compromises are partly to blame for drawing out an effort to merge roughly 2,000 dot-gov websites, according to federal officials and internal emails. 

But officials say they are still committed to making government services and information easier to navigate, as the website consolidation initiative approaches its three-year anniversary.

Combining National Oceanic and Atmospheric Administration website content with content from the Coast Guard illustrates the trickiness. The Coast Guard, a Homeland Security Department agency with a dot-mil suffix, is more of a bull’s eye for hackers than NOAA, officials say.

USCG employees shy away from sharing data with other agencies, one information technology employee complained on the government's Web content managers listserv in 2012. Nextgov retrieved the message, with the employee’s name redacted, through an open records request. 

The Coast Guard staff "are security maniacs because hackers like to target them," wrote a NOAA web manager in the Office of Space Commercialization, which is part of the Department of Commerce.

"I tried to syndicate RSS feeds from the CG server to the DOC server. It didn't work because DOC blocks external content, and the DOC guys said no way even when I explained that CG is rabid about security and that I control the content on their server. How are we ever supposed to avoid duplication of content if content cannot be shared?" the manager questioned.

Coast Guard officials acknowledge that personnel are worried about protecting their information when linking to other agencies’ machines. 

Each agency official responsible for a Web system "is of course concerned with protecting their networks and systems," Coast Guard spokeswoman Lisa Novak said. "One significant challenge is sharing data between separate domains such as .gov and .mil.  [The service] operates in the .mil environment and recent cyberattacks from applications that have an Internet facing component have sensitized [information technology] officials to closely monitor interconnections."

In June 2011, the Obama administration set a one-year goal to cut in half the government's 2,000 main dot-gov domains, such as and   

Around the time of the initiative’s two-year anniversary, Nextgov reported that, for the first time, there were fewer than 1,000 unique government domains.

Today, the number of separate sites has crept up to 1,223. Of those, about 305 are empty and redirect to another site, White House officials say.

Security Concerns

A reluctance to yield control of data frustrated the push to fuse some sites, the NOAA Web manager said. 

"IT managers are totally averse to downloading content to their network from an external network, no matter how secure that external network is," the manager said. "They cannot accept responsibility for viruses or malware getting into their network due to content syndication," through RSS feeds, for instance. 

The manager apologized for posting a long entry about an individual dilemma to the whole listserv, but reasoned other officials were experiencing the same problem. 

"This is something that is really bothering me as I try to implement the Web consolidation initiative on only two of the sites that I manage. Now multiply this by hundreds of government sites . . . without the right technology solutions, I start to wonder if we're really improving the federal Web or making it worse," the manager said.

The governmentwide initiative began with a three-month freeze on all new dot-gov websites to get a handle on the extent of webpage sprawl. Administration officials described the effort as a first step in fulfilling a June 13, 2011, presidential executive order to cut waste and streamline government operations. 

The emphasis was more on streamlining Internet operations than cutting waste.  The cost of maintaining some sites is relatively small, officials admitted.

To minimize the risk of breaches, Coast Guard officials sign a formal "interconnect security agreement” with partner agencies, Novak said. And before doing so, each USCG agency reviews the security posture of the other agency.

Novak could not address the specific ordeal the NOAA Web manager portrayed. She said the comments are vague in terms of identifying specific websites, systems and networks. In general, the Coast Guard "shares data and enjoys service that NOAA provides for several applications," Novak said. "We are currently exchanging data with our NOAA partners."

NOAA spokesman David Miller declined to speak about the manager’s troubles.  "NOAA continues to make consolidating websites a priority across the agency, but we cannot address specific security issues,” he said.

White House officials said the Office of Management and Budget works with agencies to ensure that security issues surrounding website mergers are handled in a timely manner. By law, agencies must make risk-based decisions regarding how to secure their own IT assets, they added.  

Officials said the public is welcome to track progress on the downsizing effort through a regularly updated chart on

(Image via Simon Booth/

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.