Government Shutdown Brings Certificate Lapse Woes

Among the problems: TLS certificates are expiring and websites are becoming inaccessible.

Dark Reading logo in a gray background | Dark Reading

The partial shutdown of the federal government is having an impact in ways both anticipated and not. One that probably falls under the latter is expiring TLS certificates that leave some .gov websites marked as "unsafe" or completely inaccessible from most browsers.

Websites from NASA, the Department of Justice, and the Court of Appeals are among those using one of the 80 certificates that have not been renewed since the beginning of the shutdown.

"The government shutdown has left a mark on the digital world. Several government websites now greet users with a 'CERT_DATE_INVALID' warning in place of the website itself. At best, this isn't a good look for the departments concerned. At worst, the thousands of Americans who rely on these websites are left cut off from the services they need," says Martin Thorpe, enterprise architect for Venafi.

Some experts say the issue goes beyond mere Web page inaccessibility. "I think the biggest risk is far beyond expired SSL certificates. How many critical governmental systems are currently unmaintained, outdated, and thus vulnerable?" asks High-Tech Bridge CEO Ilia Kolochenko. "It seems to be a great opportunity for nation-state hacking groups to exploit US momentary weakness to steal or alter extremely sensitive information."  

Franklyn Jones, CMO at Cequence Security, agrees with Kolochenko and points to specific risks in the moment. "It creates a great opportunity for bad actors to launch automated bot attacks, testing previously stolen credentials to gain access to private accounts on government sites," he explains.

Read more here and here.

About the Author

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights