November 29, 2023 at 04:39AM
The Reading Borough Council apologized after recommending users to disable browser HTTPS to access its planning portal, which had faced a month-long outage due to technical issues. The council has since repaired the portal and restored secure access, while the decision-making behind the poor security advice remains unexplained.
**Meeting Takeaways: Reading Borough Council’s Planning Portal Issue**
1. **Portal Restoration:**
– Reading Borough Council has successfully restored the security of its planning application portal.
2. **Initial Technical Problems:**
– There was an extended outage lasting almost a month due to technical issues.
3. **Controversial Advice:**
– During the outage, the council faced criticism for recommending that users disable HTTPS as a workaround to access the portal.
4. **Public Guidance on HTTPS:**
– Advice to disable HTTPS appeared publicly until November 26 and was promoted for Chrome users since Safari does not support turning off HTTPS.
– The council’s guidance contradicted standard security practices, which encourage HTTPS use to protect data.
5. **HTTPS Importance:**
– HTTPS encrypts data transferred over the internet, making it essential for online safety, even on websites that may not handle overtly sensitive information.
6. **Council’s Apology and Response:**
– The council acknowledged the advice was incorrect and issued an apology for the misinformation and the confusion it caused.
7. **Resolution of The Issue:**
– The planning portal was back online with a secure connection as of 10:08 am on 27 November after remedial work.
– No special actions from users are now required to access the portal safely.
8. **Lack of Explanation for Misguidance:**
– The council did not provide an explanation for how the guidance to disable HTTPS was internally approved.
9. **NCSC Involvement:**
– The National Cyber Security Centre (NCSC) did not comment on the situation.
– However, official advice from NCSC encourages consistent use of HTTPS for all websites.
10. **Overall Consequence:**
– The council’s initial advice was seen as promoting poor security practices, and it has since been rectified.
**Action Items:**
1. Mold sure no future communications recommend disabling security features or contradict best practices.
2. Monitor and ensure continued secure access to the planning portal.
3. Review internal processes to prevent approval and dissemination of incorrect technical guidance.
4. Possibility to engage with NCSC’s Web Check service to audit and ensure the council’s web services are correctly configured and secure.