Security of US Government Websites during the Shutdown

The US Government shutdown–the longest in the history of United States—may have significant negative repercussions for the security of major US government websites. The staff, who have not been paid, have not been updating and maintaining these sites. As a result, some of the sites’ certificates have expired or are close to expiration.

Why is this happening?

The Trump administration famously has called for $5.7 billion to construct a border wall with Mexico, and Democrats in the country’s legislative body have refused to comply.  As a result of their failure to come to agreement, over 800,000 workers have not been paid since December 22,, 2018, and nine government agencies and departments have suffered due to the shutdown.

Without a new budget, “non-essential” government employees are unpaid and not working.

The government shutdown has left over eighty websites at risk or broken. A report by Netcraft – a UK-based internet services firm – says the websites,  including those of the Department of Justice, the Court of Appeals and NASA, are not working properly or are vulnerable because they do not have staff to maintain them.

The certificates of a NASA website expired on January 5, and that of the US Department of Justice has not been updated since the beginning of the shutdown. The security certificates ensure that all the communications that happen on the internet are secure. These certificates require proper updates from time to time in order to work properly. There are many websites which did not update their digital certificates and are not working now.

Enter at your own risk

According to experts, there is a risk—albeit limited– to the public. An expired certificate will make it hard for users to verify the website’s legitimacy but will still offer strong encryption. However, it is possible for attackers to more easily exploit users who access the sites with out-of-date certificates.

 

Related Article

The Role of Technology in Sanctions Compliance

Sanctions compliance is a complex and challenging task for many organizations, especially those that operate across multiple jurisdictions and sectors. Sanctions regimes are constantly evolving,