U.S. Government Website Certificates Are Not Being Renewed Due to the Shutdown
Government websites are warning its users not to enter sensitive information as their digital certificates expire during the U.S. government shutdown.
Security certificates ensure that communications between devices and websites are sent in an encrypted, secure manner and are an essential part of keeping IT infrastructure up and running, the BBC reports. When issued, they are given a specific expiration date that can range a few months to several years.
Netcraft, an internet services website, states that more than 80 security certificates used by .gov websites have expired and will not be renewed during the shutdown. This includes the U.S. Department of Justice and soon the Department of Homeland Security that currently is operating with less than half its staff according to former under-secretary Suzanne Spaulding.
“With each passing day, the impact of the government shutdown on our nation’s security grows,” Spaulding said to BBC News. “Meanwhile, our adversaries are not missing a beat and the daily attacks on our systems continue. Cyber-security is hard enough with a full team. Operating at less than half strength means we are losing ground against our adversaries.”
As the shutdown continues, more website certificates will expire and put U.S. citizens’ security at risk according to the blog post by Netcraft’s security consultant Paul Mutton.
“As more and more certificates used by government websites inevitably expire over the following days, weeks – or maybe even months – there could be some realistic opportunities to undermine the security of all US citizens,” Mutton says.
Netcraft states that error messages on the expired websites may lead scammers to get users information more easily. If users ignore these warnings, they are putting their own information at risk.