Australia’s Bureau of Meteorology is the official source for weather data for our country with weather data from around the country feeding weather services.
Something that has puzzled many in the cybersecurity industry, is how a Government service like BOM does not support HTTPS. While the website doesn’t collect data from users, its common in 2024 that websites secure their site using encryption. The HTTPS protocol encrypts the data exchanged between the user’s browser and the website’s server.
If you manually visit the https:// version of the BOM website, you see the following error.
Thankfully there’s a new Beta version of the BOM website in the works and one of the big changes is finally support for HTTPS.
The new website offers a brand new interface for users, and one of the most improved areas is the weather map. If you’re looking for the latest rain data overlayed on a map, then the new weather map loop is a massive upgrade.
The new map now allows for modern-interactions with a map, scroll to zoom, panning, map/photo layers and a full-screen mode.
Below is a side-by-side showing the dramatic improvement.
The BOM is responsible for providing meteorological services such as weather forecasts, warnings for severe weather, climate monitoring, and water information. This includes everything from daily weather updates to long-term climate data.
- Weather Forecasts: Daily and weekly forecasts for various regions across Australia.
- Severe Weather Warnings: Alerts for events like storms, floods, heatwaves, and more.
- Climate Data: Historical and current climate information, including trends and anomalies.
- Water Information: Monitoring of river heights, rainfall, and other water-related data which is crucial for water resource management and flood prediction.
The timeframe for release of the new BOM Beta site to go to production is not clear, but if I was in charge, I’d switch it tomorrow, this is a substantial upgrade.
Check it out yourself at
Why would they need https if they don’t collect data from users? I guess you’re worried that a man-in-the-middle attack could inject a malicious URL or something onto the page….?