Published: Sun, January 13, 2019
Finance | By Loren Pratt

Shutdown Leaves Federal Websites Vulnerable

Shutdown Leaves Federal Websites Vulnerable

In terms of the types of websites affected, a review by Netcraft plots the range extending from NASA to the Department of Justice and through to the Court of Appeals. Depending on the security level, most websites will kick back browser errors while other sites won't let you in at all until the expired certificate is renewed.

Websites with expired certificates where admins followed proper procedures and implemented correctly-functioning HSTS (HTTP Strict Transport Security) policies are down for good, and users can't access these portals, not even to browse for basic information.

Other sites can not be accessed at all.

Several government sites are now inaccessible or blocked by most browsers after their HTTPS certificate expired.

"Until U.S. Congress resumes services it is inevitable that we will see expired certificates and this example just goes to show how vulnerable organisations who are susceptible to shutdown can be", said GlobalSign's Managing Director, Paul Tourret.

The company warned that as the shutdown wears on, the problem of expired TLS certificates will only get worse.


Elsewhere, the function of United States government security related agencies such as NIST.gov has also been affected by the funding freeze.

She said: "With each passing day, the impact of the government shutdown on our nation's security grows". Cybersecurity is hard enough with a full team.

Meanwhile, the Department of Homeland Security's new cybersecurity and infrastructure security agency is now operating with less than half of its staff, according to Suzanne Spaulding, a former official, in a column for The Hill.

The partial shutdown of the USA government comes at the worst possible time for CISA, according to Spaulding.

"You try to avoid disrupting the critical operational activity even while you make changes to improve the organization".

Martin Thorpe, enterprise architect at digital certificate firm Venafi, added: "The US shutdown has now left a mark on the digital world".

Like this: