In a letter sent today, Oregon Senator Ron Wyden asked officials from three government agencies to come up with solutions and procedures that mandate the removal of Adobe Flash content from all US government websites by August 1, 2019.
The Senator is urging US government officials to act in light of Adobe’s Flash end-of-life date scheduled for the end of 2020, after which Adobe announced it would cease to provide any technical support for the software.
Trying to avoid another Windows XP fiasco
Senator Wyden is hoping to avoid a situation like the one of Windows XP, which US government agencies still use, despite Microsoft retiring the operating system back in 2014.
“The federal government has too often failed to transition away from software that has been decommissioned,” Wyden wrote in his letter.
The Senator points out Flash’s “serious, largely unfixable cybersecurity issues” as one of the reasons US government sites should take proactive steps from removing this technology of its sites even before the cut-off date, after which Adobe won’t provide any security fixes at all.
Wyden would like that officials would:
› Require federal agencies to remove all Flash-based content from their websites by August 1, 2019.
› Require agencies to remove Flash from desktop computers by August 1, 2019.
For the last point, the optimal plan, Wyden suggests, is that officials create a pilot program to remove Flash from the PCs of a small number of employees by March 1, 2019, and from all computers by August 1, 2019.
The letter, which you can read in full here, is addressed to the heads of the US National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and the Department of Homeland Security (DHS).
Wyden previously asked that federal agencies use ad blockers
Last year, Senator Wyden also urged in a similar letter that US agencies deploy ad blocking technologiesto prevent malware delivered via malicious ads (malvertising) from infecting government networks.
In another letter, he also urged Department of Defense officials to encrypt their websites by deploying technologies like HTTPS and HSTS (HTTP Strict Transport Security).
Speaking at a conference in February, Parisa Tabriz, Director of Engineering at Google, said the percentage of daily Chrome users who’ve loaded at least one page containing Flash content per day has gone down from around 80% in 2014 to under 8% in early 2018.
According to web technology survey site W3Techs, only 4.9% of today’s websites utilize Flash code, a number that has plummeted from a 28.5% market share recorded at the start of 2011.