The US government shutdown is having a chilling effect on national cybersecurity, with 80 government web certificates having already expired without being renewed and FBI agents issuing a stark warning.
Vendor Netcraft claimed on Thursday that the lapsed certificates include those affecting “sensitive government payment portals and remote access services” at agencies like NASA, as well as the Department of Justice and the Court of Appeals.
The impact of this administrative snafu is to render the sites inaccessible or insecure. If HSTS is properly implemented, modern browsers will now not allow users to visit sites with expired certificates, said Netcraft.
“However, only a few of the affected .gov sites implement correctly-functioning HSTS policies. Just a handful of the sites appear in the HSTS preload list, and only a small proportion of the rest attempt to set a policy via the Strict-Transport-Security HTTP header — but the latter policies will not be obeyed when they are served alongside an expired certificate, and so will only be effective if the user has already visited the sites before,” it explained.