The US federal government shutdown is in progress and its aftereffects have started to show in the IT industry in the form of degraded computer security. According to Netcraft and internet service biz, more than 80 TLS certificates used on gov. Websites have expired and not renewed. The US government actions have caused a few .gov sites protected by HTTPS to become inaccessible or flash browser errors. There are a few other sites like the NIST.gov have been scaled back as a result of lack of funds.
There a few sites facing issues related to the TLS certificates expiry as a result of insufficient funds like the US Justice Department website which sports a TLS from web registrar Godaddy which has expired on December 17, 2018.
There are certain recent cases as well like the NASA’s Rocket Test website which expired on January 5, 2019, Lawrence Berkeley Lab website, expired on January 8, 2019. Visitors find it difficult to access these site facing the issue as a result of expired certificates. These visitors keep getting an error message on their browsers which can be quite scary.
Netcraft reports suggest generally the HTTP Strict Transport Security (HSTS) present in most of the modern browser should be able to prevent users from accessing the sites without a valid certificate. But since the government websites fail to implement HSTS correctly, visitors are still able to access these misconfigured sites and increase the chances of man-in-the-middle attacks.
Recently President Trump had insisted on Congress to pass a national budget of $5.7 bn for building the border wall which was supposed to be paid for by Mexico, has resulted in a partial government shutdown. With the Democrats in control have rejected Trump’s plan and seems to have no interest in a compromise at the moment. This decision has resulted in almost 400000 people barred from work and unpaid as they have been judged nonessential.
The government agencies are also limiting operations which include the Departments of Agriculture, Commerce, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Justice, State, Transportation, and the Treasury. Additionally, the Environmental Protection Agency, official inattention is magnifying security risks.
From what it looks like seems a lot of IT work will be left undone due to lack of funds. A recently formed Cybersecurity and Infrastructure Security Agency (CISA) would be active in the absence of funding which has a task force of 3531 employees of which only 2008 will be working. At the NIST also things are not looking good as they are working with a minimal number of employees as rest were sent home and its website has also not been updated, somewhat hampering security research.
US federal government shutdown has also resulted in around 13000 active duty FBI special agents to send a petition to the White House and Congress leaders warning them about its impact on the law enforcement agency. With some agents continuing with their work without being paid other choose to remain at home. The investigation work is also hampered and limited as a result of limited resources.
- How to Protect Your Company’s Server From Ransomware Attacks
- Cryptocurrencies In Malaysia Be Regulated By Central Bank
- Chrome Introduces ‘Not Secure’ Markers On Unencrypted Pages
[amazon_link asins=’0070140650,9332585229,B079VG43WX’ template=’ProductGrid’ store=’technosearch-21′ marketplace=’IN’ link_id=’901eb932-ee7b-4d51-9d18-130d3ba04c5b’]