The partial US government shutdown is now affecting TLS certificates for some government websites.
The websites of key branches of government like the Justice Department and the Court of Appeals are no longer secure or accessible, as first reported by Netcraft. The partial government shutdown affected their abilities to renew TLS certificates to keep their websites functional.
Domino Effects of Shutdown Includes Security Issues
Many government websites house sensitive government payment portals and remote access services. Securing them is essential. Transport Layer Security (TLS) certificates protect the security of these sites.
Many of the government workers who are responsible for renewing the certificates have been furloughed. So far, more than 80 TLS certificates used by .gov websites have expired without being renewed, according to Netcraft.
From the report:
To compound the situation, some of these abandoned websites can no longer be accessed due to strict security measures that were implemented long before the shutdown started.
Time is of the Essence
On Sunday, the partial shutdown hit its 23rd day. This makes it the longest in US history. What’s more, there seems to be no end in sight. President Donald Trump and congressional leaders remain at an impasse over border security funding.
Specifically, the president’s desire to fund a border wall along the US-Mexico border to the tune of $5.7 billion has met flat out refusal from House Speaker Nancy Pelosi. The House is responsible for approving appropriations.
It’s anybody’s guess as to when congressional leaders and President Trump will reach an agreement. In the meantime, the White House Office of Management and Budget is readying plans. The Wall Street Journal reports officials are preparing for the shutdown to last through the end of February.
The last time the president met with Congressional leaders, he walked out. He tweeted the talks were a waste of time because Democratic leaders refused to budge over taking up funding the wall while the government is partially shut down.
The longer the government shutdown lasts, the worst the situation becomes for government agency websites.
As more and more certificates used by government websites inevitably expire over the following days, weeks — or maybe even months — there could be some real opportunities to undermine the security of all U.S. citizens.
Man-in-the-Middle Attack Concerns
Netcraft found that sites with expired TLS certificates display warnings, but visitors can bypass them. People who ignore the warnings may inadvertently “render themselves vulnerable to man-in-the-middle attacks,” according to the report.
For example, the Justice Department’s website uses a certificate that expired in December.
Featured Image from Shutterstock