As the United States Federal Government shutdown enters its 24th day, the impact of the longest shutdown in history is being felt across the country.
As President Trump threatens to declare a national emergency over his plans to build a wall along the Mexican border (and the Democrats refusing to approve its $5.7bn budget), both sides have reached a stalemate, meaning many departments in the US government have come to a standstill.
One of the unforetold consequences of the US government shutdown is on cybersecurity. According to internet services company Netcraft, more than 80 Transport Layer Security (TLS) certificates, including the US Department of Justice website and the Court of Appeals site, have expired during the shutdown.
US government shutdown: cybersecurity threats
TLS certificates are what proves that a website is authentic and that any information sent through the website is secure and encrypted. When a security certificate is not renewed it makes it harder for someone visiting the site to determine whether it is legitimate or not. According to Netcraft, without a valid certificate websites could be at risk of “man in the middle attacks” in which an attacker redirects users to a fake version of a website, usually flagged up by the TLS certificate.
If attackers become aware that certain websites are without certificates, that may leave them more open to exploitation, especially worrying considering the sensitive information some government websites contain. Therefore, users have been warned not to log into or enter any personal information on such sites where the certificate has expired.
Some websites cannot be accessed at all, as their out-of-date certificates are blocked by browsers, leaving many unable to access vital information.
A lack of staff
As well as this, around 400,000 federal employees are not working while the shutdown continues, meaning many departments, including the Department of Homeland Security – which has recently established a Cybersecurity and Infrastructure Security Agency – and The National Institute of Standards and Technology, are working with far fewer staff than usual. For those responsible for cybersecurity, this lack of staff may make it even harder to identify and respond to potential cyberattacks on sensitive government information, leaving IT infrastructure under threat.
According to ZD.net, the government also risks losing valuable cybersecurity personnel to the private sector, as federal government employees go unpaid for almost a month.
“Daily attacks on our systems continue”
Suzanne Spaulding, Former DHS Under Secretary and Nozomi Networks Adviser believes that the continued shutdown is posing a threat to the country’s cybersecurity:
“With each passing day, the impact of the government shutdown on our nation’s security grows. Meanwhile, our adversaries are not missing a beat and the daily attacks on our systems continue. Cybersecurity is hard enough with a full team. Operating at less than half strength means we are losing ground against our adversaries.
“And the timing couldn’t be worse, with Congress just having established the new Cybersecurity and Infrastructure Security Agency (CISA) at DHS. Getting this agency fully operational requires a lot of work and it’s like repairing an airplane while you’re flying it. You try to avoid disrupting the critical operational activity even while you make changes to improve the organisation. This shutdown is a disruption CISA can ill afford.”