Government Shutdown has Made U.S. Cyber Infrastructure More Vulnerable

As hundreds of thousands of government workers go without paychecks, another potential crisis looms as President Trump's partial government shutdown continues.

Dozens of government websites have seen their security certificates expire since the government shuttered on December 21, with no one at work to renew them, Netcraft reports.

Netcraft estimates that over 80 government websites, including the Department of Justice, the U.S. Court of Appeals and NASA, have been impacted by the shutdown.

The security certificates, known as TLS certificates, operate as a part of Information Technology infrastructure by sending encrypted data between a website and a browser. The certificate protects information and prevents hackers from reading or otherwise gathering information shared between a device and a website, including personal data such as addresses or bank account numbers.

The problem with the certificates means that some government websites are inaccessible, thanks to HTTP Strict Transport Security procedures (HSTS). Websites using HSTS which have expired security certificates cannot be accessed at all, while other websites without HSTS can be accessed by using HTTP in the web address instead of HTTPS, TechRadar reports.

Cybersecurity experts are concerned that the shutdown could leave government websites vulnerable to hackers.

Suzanne Spaulding, a former under secretary with the Department of Homeland Security told the BBC, "With each passing day, the impact of the government shutdown on our nation's security grows. Meanwhile, our adversaries are not missing a beat and the daily attacks on our systems continue. Cybersecurity is hard enough with a full team. Operating at less than half strength means we are losing ground against our adversaries."

According to a report from Axios, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has seen 1,500 workers placed on furlough, nearly all of them support staff. Government workers classified as essential are continuing to work during the shutdown.

"Defending federal networks is already an act of triage, due to personnel shortages, legacy IT overhang, uneven risk management practices and a hostile threat environment. Furloughs make a hard job even harder," Andrew Grotto, a former White House cybersecurity adviser for Presidents Barack Obama and Donald Trump, told Axios. "What that means as a practical matter is that these people have to do even more than usual."

In a blog for Netcraft, security consultant Patty Mutton said that the risks grow far more extensive the longer the shutdown goes.

"As more and more certificates used by government websites inevitably expire over the following days, weeks - or maybe even months — there could be some realistic opportunities to undermine the security of all US citizens," Mutton said.

Visitors to the websites are encouraged not to enter personal information or to log in to a site with an expired TSL certificate.

Government Shutdown
A 'Closed' sign is seen during a news conference after a House Democratic Caucus meeting at the U.S. Capitol January 9, 2019 in Washington, DC. House Democrats gathered to discuss the Democratic agenda as the partial government shutdown enters day 19. Photo by Alex Wong/Getty Images