Government shutdown: TLS certificates not renewed, many websites are down

[steven36]

Over 80 government websites are down after TLS certificates expired and there's nobody on hand to renew them.

 

 

More than 80 TLS certificates used by US government websites have expired so far without being renewed, leaving some websites inaccessible to the public.

 

NASA, the US Department of Justice, and the Court of Appeals are just some of the US government agencies currently impacted, according to Netcraft.

 

The blame falls on the current US federal government shutdown caused by US President Donald Trump's refusal to sign any 2019 government budget bill that doesn't contain funding for a Mexico border wall he promised during his election campaign.

 

This has resulted in hundreds of thousands of government workers being furloughed across all government agencies, including staff handling IT support and cybersecurity.

 

As a result, government websites are dropping like flies, with no one being on hand to renew TLS certificates.

 

Websites with expired certificates where admins followed proper procedures and implemented correctly-functioning HSTS (HTTP Strict Transport Security) policies are down for good, and users can't access these portals, not even to browse for basic information.

 

Government websites with expired TLS certificates but which didn't implement HSTS show an HTTPS error in users' browsers, but this error can be bypassed to access the site via HTTP.

 

 

Nevertheless, visitors are warned not to log in or perform any sensitive operations on these sites, as traffic and authentication credentials aren't encrypted and could be intercepted by threat actors.

 

Visiting and browsing content is fine, but users should also be aware that all websites will not be actively managed and there won't be employees on hand to process requests or update sites with the latest correct information.

 

The current government shutdown has been a disaster on the cybersecurity front so far. Experts from multiple cyber-security firms have warned that this would be the perfect time for hostile countries to carry out cyber-attacks against the US government, as agencies are understaffed and IT infrastructure is left largely unattended.

 

According to Axios, the Department of Homeland Security's newly created Cybersecurity and Infrastructure Security Agency (CISA) has had 43 percent of its staff, which amounts to roughly 1,500 employees, sent home. The National Institute of Standards and Technology, which puts together and manages many security standards, has also kept only 49 employees of its normal 3,000.

 

But besides the losses in current personnel, government agencies have also missed an important opportunity for recruiting new cyber-security talent this winter, according to CyberScoop. No representatives for the FTC, NIST, the State Department, or CISA were present at booths at an important cyber-related student recruiting event held in Washington this year.

 

In the end, nothing good will come out of this shutdown. May it be a cyber-attack that goes undetected or agencies losing cyber-security personnel leaving for the private sector, the ripple effects of this shutdown will haunt agencies for months or years to come.

 

Source

[mp68terr]

39 minutes ago, steven36 said:

The current government shutdown has been a disaster on the cybersecurity front so far. Experts from multiple cyber-security firms have warned that this would be the perfect time for hostile countries to carry out cyber-attacks against the US government, as agencies are understaffed and IT infrastructure is left largely unattended.

Far from having enough knowledge in cybersecurity, but wondering the point of the (likely expensive) cybersecurity measures if they require a numerous 24/7 staff?

[steven36]

10 minutes ago, mp68terr said:

Far from having enough knowledge in cybersecurity, but wondering the point of the (likely expensive) cybersecurity measures if they require a numerous 24/7 staff?

If it dont end soon, many people are going to leave these jobs and go flip burgers or something , it's so bad that many workers are going to or already have  run out of money. Who wants a job were you don't get paid?

[mp68terr]

2 minutes ago, steven36 said:

If it dont end soon many people are going to leave  and go flip burgers or something , irs so bad that many workers are going to or already have  run out of money.

It's indeed a big problem for the involved workers! They have their job to do and to be paid for.
I was talking about the cybersecurity stuff: if it needs numerous 24/7 workers, it means cybersecurity measures cannot be left to 'work alone'. Useless cybersecurity measures? Or useless experts who were cited above?

[steven36]

17 minutes ago, mp68terr said:

It's indeed a big problem for the involved workers! They have their job to do and to be paid for.
I was talking about the cybersecurity stuff: if it needs numerous 24/7 workers, it means cybersecurity measures cannot be left to 'work alone'. Useless cybersecurity measures? Or useless experts who were cited above?

When there is no one filling the jobs  all the load goes on the ones that are left  ,  The ones are left just have fill in for  the ones that was laid off. security standards are already in place  so that is not as important as  the  CISA witch still have around 2000 workers left. many who have savings will stay because when it ends they will most likely get rewarded  with double back pay they did with the last shutdown. We need some laws put in place making it illegal  for Government to use overreach and shut it down, after all the taxpayers pay for it and they have not stop taking taxes, they opened the irs and treasury back up yesterday.