As the government shutdown enters its third week, dozens of federal websites are have become either insecure or inaccessible.
The dysfunction has been caused by more than 80 expired TLS certificates, a type of security technology that allows the encrypted transfer of data and information. They’ve lapsed because there aren’t enough federal employees around to renew them, ZDNet reported Friday. “Government websites are dropping like flies,” wrote Catalin Cimpanu on the technology news site.
The sites range from payment disbursers to informational pages. Some display a security warning; others can’t be accessed at all. The federal organizations affected include NASA, the Justice Department and the U.S. Court of Appeals.
Experts advise that users shouldn’t enter secure data into sites that warn of expired security credentials, as they could be subject to hacking.
More than 400,000 government employees, some of whom handle IT support and cybersecurity, are currently furloughed. Axios reports that nearly half of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) — about 1,500 employees — were sent home. The National Institute of Standards and Technology, which manages security protocols, has only 49 of 3,000 regular employees on duty.
On Dec. 26, the Department of Homeland Security posted a notice that its website was no longer being “actively managed.” It read: “This website was last updated on December 21, 2018 and will not be updated until after funding is enacted. As such, information on this website may not be up to date. Transactions submitted via this website might not be processed and we will not be able to respond to inquiries until after appropriations are enacted.”
The dhs.gov site is, for the moment, still up.
But technology experts say the shutdown could precipitate a major federal cybersecurity breach. “The current government shutdown has been a disaster on the cybersecurity front so far,” reports Cimpanu. “Experts from multiple cybersecurity firms have warned that this would be the perfect time for hostile countries to carry out cyber-attacks against the US government, as agencies are understaffed and IT infrastructure is left largely unattended.”
