US government shutdown leaves websites insecure

US government shutdown leaves websites insecure

Screengrab of US Court of Appeals website

Image copyright
US Court of Appeals

Image caption

Some government websites are telling users not to enter sensitive information

The ongoing US government shutdown is leaving dozens of official websites insecure or inaccessible.

Affected websites include the US Department of Justice, the Court of Appeals and Nasa.

The shutdown, over a funding dispute for President Trump’s Mexican wall, means 400,000 federal employees are currently not being paid.

One of the side effects of this is that security certificates for websites are not being renewed.

Digital certificates ensure that communications between devices and websites are sent in an encrypted, secure manner and are an essential part of keeping IT infrastructure up and running. But, when issued, they are given an expiration date of anything between a few months and several years.

  • So why has the US government shut down?
  • When out-of-date code causes chaos

Losing ground

According to internet services website Netcraft, more than 80 security certificates used by .gov websites have expired.

This includes the US Department of Justice, which is using a certificate that expired in the week leading up to the shutdown and has not been renewed since.

The Department of Homeland Security’s newly-created cyber-security and infrastructure security agency, is currently operating with less than half its staff, according to Suzanne Spaulding, a former under-secretary at the agency.

She said: “With each passing day, the impact of the government shutdown on our nation’s security grows. Meanwhile, our adversaries are not missing a beat and the daily attacks on our systems continue.

“Cyber-security is hard enough with a full team. Operating at less than half strength means we are losing ground against our adversaries.”

Security consultant Paul Mutton, writing in a blog for Netcraft, added: “With Donald Trump seemingly unwilling to compromise on his demands for a wall along the border with Mexico, and Democrats refusing to approve a budget containing $5.7bn (£4.46bn) for the wall, the hundreds of thousands of unpaid federal employees might not be the only ones hurting.

“As more and more certificates used by government websites inevitably expire over the following days, weeks – or maybe even months – there could be some realistic opportunities to undermine the security of all US citizens.”