The partial shutdown of the U.S. government is the longest on record (surpassing the previous record of 21 days), and at the time of writing there still no end in sight to the entrenched political standoff. The standoff rests on the dispute between President Trump, who wishes to build a wall across the U.S.-Mexican border, and the House of Representatives who are focused on other spending priorities.
Reported by Engadget, a consequence of this period of inactivity is that scores of U.S. government websites are either inaccessible or they pose a security risk. This is because there has been no one around to update TLS certificates. TLS represents ‘Transport Layer Security’ and it is a cryptographic protocol that provides authentication and data encryption between servers, machines and applications operating over a network. In essence, a TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications.
In terms of the types of websites affected, a review by Netcraft plots the range extending from NASA to the Department of Justice and through to the Court of Appeals. In all there are some eighty “.gov” websites that are affected by the shutdown.
The impact of out-of-date TLS certficiates depends on an individual’s browser. Either a person will be able to access the websites, but this poses a cybersecurity risk, or they will be blocked from access some or all of the content. In practice most of the affected sites will display an interstitial security warning, however the user can elect to bypass this should they weigh up that the cybse-risk is sufficiently low.
Speaking with the BBC, security consultant Paul Mutton said of the matter: “As more and more certificates used by government websites inevitably expire over the following days, weeks – or maybe even months – there could be some realistic opportunities to undermine the security of all US citizens.”