US government shutdown: List of .gov websites “not secure” grows to over 130

Credit: ID 51838409 © Mopic | Dreamstime.com

There are now more than 130 .gov websites marked in browser address bars as “insecure” because expired digital certificates that haven’t been renewed by employees who’ve been furloughed during the US government shutdown, which is now entering its 27th day.      

The number of government sites with expired certificates is up from 80 reported by Netcraft at the beginning of last week

The expired Transport Layer Security (TLS) certificates mean that some sites can’t be reached at all by visitors using Chrome and Firefox due to the site’s strict transport security policies. 

Websites affected by non-renewed certificates include the US government portal for manufacturing, manufacturing.gov, two Federal Aviation Authority websites, a National Archives customer portal, the FFIEC Financial Institutions Examination Council) Anti-Money Laundering Infobase, numerous Department of Agriculture sites, and some government remote access services. 

These join sites with expired certificates from NASA, The US Department of Justice, and the Court of Appeals.    

Netcraft’s Paul Mutton, who's been tracking .gov sites with certificates not renewed during the shutdown, notes that individual expired certificates can be fixed for about $400 a year, but this won’t happen until Trump’s stalemate over a wall at the Mexican border is resolved.  

Some fear that the expired certificates are just the tip of the iceberg in terms of how government shutdown is impacting US cybersecurity. There are concerns there will be short and long term impacts of such large numbers of government employees with cybersecurity functions not maintaining systems for whole a month. 

In the near term there are fears that attackers could strike while the US has its guard down because key cybersecurity functions only working at half-steam during the shutdown. Over the longer term, the government could lose its best talent to the private sector. 

The Department of Homeland Security’s Cybersecurity and Infrastructure Agency’s (CISA) planning document for the shutdown indicates that just 2,008 of the 3,531 CISA employees have been retained until Congress releases funding. 

Read more: US government shutdown leaves .gov sites with expired HTTPS certs

CISA, which is tasked with protecting infrastructure from physical and cyber attacks, was created when Trump signed the a new cybersecurity act in November.         

Even worse, some 85 percent of staff at NIST or the National Institute of Standards and Technology have been furloughed, which Duo Security notes that could impact the release of key cybersecurity standards and guidelines it had been working prior to the shutdown.    

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags DHSNISTTLSHTTPSTrump

More about Department of JusticeFinancial InstitutionsNASANetcraftTechnologyTransportUS Department of Justice

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts