U.S. government shutdown: Websites insecure and inaccessible

Posted Jan 12, 2019 by Tim Sandle
One underplayed aspects of the longest U.S. government shutdown in history is with federal websites. Several websites have become inaccessible and even more face security risks due to a lack of updates.
A sign outside the Arthur M. Sackler Gallery posted on January 2  2019 notes that   the Smithsonian ...
A sign outside the Arthur M. Sackler Gallery posted on January 2, 2019 notes that the Smithsonian museums were forced to close by the partial shutdown of the US government
Andrew Caballero-Reynolds, AFP/File
The partial shutdown of the U.S. government is the longest on record (surpassing the previous record of 21 days), and at the time of writing there still no end in sight to the entrenched political standoff. The standoff rests on the dispute between President Trump, who wishes to build a wall across the U.S.-Mexican border, and the House of Representatives who are focused on other spending priorities.
Reported by Engadget, a consequence of this period of inactivity is that scores of U.S. government websites are either inaccessible or they pose a security risk. This is because there has been no one around to update TLS certificates. TLS represents 'Transport Layer Security' and it is a cryptographic protocol that provides authentication and data encryption between servers, machines and applications operating over a network. In essence, a TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications.
In terms of the types of websites affected, a review by Netcraft plots the range extending from NASA to the Department of Justice and through to the Court of Appeals. In all there are some eighty ".gov" websites that are affected by the shutdown.
The impact of out-of-date TLS certficiates depends on an individual's browser. Either a person will be able to access the websites, but this poses a cybersecurity risk, or they will be blocked from access some or all of the content. In practice most of the affected sites will display an interstitial security warning, however the user can elect to bypass this should they weigh up that the cybse-risk is sufficiently low.
Speaking with the BBC, security consultant Paul Mutton said of the matter: "As more and more certificates used by government websites inevitably expire over the following days, weeks - or maybe even months - there could be some realistic opportunities to undermine the security of all US citizens."