Shutdown Leaves Government Websites Vulnerable To Hackers

Security certificates have begun lapsing on the sites, leaving them unverified.

As the partial federal government shutdown creeps into month two, cybersecurity experts are warning that government websites could be hit by hackers.

As NPR noted in a report this week, a quick trip to manufacturing.gov reveals the site has become unusable because it hasn’t been able to renew its security certificate thanks to the shutdown. That means there is currently no assurance the site is credible.

White Ops security firm scientist Dan Kaminsky told NPR the lapsed certificate “is really the government resource that I’m trying to access and not some bad guy.”

If a browser alert indicates a government site may be unsafe and the visitor overrides the warning, they may be directed instead to a page set up by hackers, placing them at serious risk, Kaminsky explained.

Last week, the House Homeland Security Committee announced that more than half of the Cybersecurity and Infrastructure Security Agency had been furloughed, leaving only 43 percent to protect against cyberattacks. 

A recent Data Center Knowledge report states numerous government sites are down already as cybersecurity departments within federal agencies are operating with reduced staffs during the shutdown.

Pravin Kothari, the CEO of San Jose cybersecurity firm CipherCloud, told the outlet the furloughs present a threat.

“With these people on leave, the probability of a successful undetected network penetration goes up,” he said.

Despite expired security verifications for some sites, U.K. security expert Ken Munro told the BBC earlier this month that “an out-of-date certificate still provides for strong encryption.”

However, those surfing the web should remain on their guard since “it becomes harder for the user to verify the legitimacy of the web site and their connection to it,” he added.

HuffPost readers: Are you affected by the government shutdown? Email us about it. If you’re willing to be interviewed, please provide a phone number.