lolloj - Fotolia
Risk & Repeat: Expired certificates loom amid government shutdown
This week's Risk & Repeat podcast looks at the expiration of more than 80 TLS certificates for U.S. government websites amid the ongoing government shutdown.
More than 80 TLS certificates for .gov websites have expired in recent weeks amid the federal government shutdown, and it's unclear when they will be renewed.
Internet service provider (ISP) Netcraft found the expired certificates affected federal agencies such as the U.S. Department of Justice and NASA, rendering dozens of domains insecure. And in the case of the Department of Justice, Netcraft said several of the websites are inaccessible because of HTTP Strict Transport Security policies, which prevent browsers from accessing sites when expired certificates are found.
Netcraft noted that some .gov certificates expired prior to the government shutdown, which began on Dec. 22, 2018. But with approximately 400,000 federal government workers furloughed indefinitely, the ISP said extended certificate lapses could put both U.S. citizens and government agencies in jeopardy.
How will these expired certificates affect the federal government's security posture? What should have been done to prevent the certificates from lapsing? Is the government shutdown to blame for the situation? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.