WASHINGTON DC – The government shutdown, now in its 25th day, continues to affect the security of federal websites, and the number of impacted sites has jumped.
Netcraft, a UK-based web security company, noted last week that it had found more than 80 US government websites operating with expired security certificates, a situation that could put visitors at risk. On Thursday, the company said the number had grown to more than 130 federal sites with expired certificates.
Sites such as those of the Department of Justice and NASA were among those initially affected. The latest round of certificate expirations includes sites for the White House, the Federal Aviation Administration, the National Archives and the Department of Agriculture. Some of the affected sites are payment portals, potentially jeopardizing the personal information of visitors, Netcraft said, though CNET couldn’t independently verify this.
As the shutdown drags on, more certificates are likely to expire, because they can require employees to renew them. The certificates have different expiration dates scattered throughout the year, and the workers who would normally renew some of them are likely to be out on furlough. As a result, “[T]here could be some realistic opportunities to undermine the security of all US citizens,” Paul Mutton, a security researcher at Netcraft, wrote in a company blog post January 10.
Netcraft’s findings underscore the toll taken on US government cybersecurity by the protracted shutdown, which has left hundreds of thousands of federal employees and contractors furloughed.
To read the rest of this story, click on https://www.cnet.com/news/shutdown-government-sites-with-lapsed-security-certificates-pose-risk/
