In April 2015, Instagram’s security certificate briefly expired. The site renewed the certificate in under an hour, but only “after the whole world noticed,” said Paul Mutton, a Netcraft security consultant, as millions of users were left without access to the site for the short duration of the expiration. Netcraft, an Internet security firm based in Britain, now reports more serious instances of such blunders, in which the federal shutdown has rendered at least 130 websites owned by U.S. government agencies inaccessible.
According to The Washington Post, as the government shutdown continues, the number of inaccessible government websites climbs fast. Web pages run by the White House, NASA, the Justice Department, the Federal Aviation Administration, the National Archives, the Department of Agriculture, and more have been affected.
Website owners must periodically renew their security certificates in order to guarantee a secure connection between the user and the site’s server. When a website’s security certificate expires, browsers like Google Chrome, Mozilla Firefox, and Apple’s Safari won’t display its pages. Instead, it displays a message, warning users that the site may have been infiltrated by hackers.
Some agencies have automatic renewal set up on their sites, according to Matthew Prince, chief executive of the Internet security firm Cloudflare. The ones who rely on manual renewal, however, are out of luck until their personnel is able to return for work. Prince offered Cloudflare services, including automatic renewal, to the Justice Department and NASA, but such agencies are unable to accept during the shutdown.
“They’ve said ‘Thanks for the offer to help, but we don’t actually have anyone who is able to sign a new contract,’” Prince said. “Even agreeing to the terms of service is a contract. So they can’t even sign up for the free version of the service that would solve this problem.”
Chris Vickery, director of cyber-risk research at the security firm UpGuard, worries of the unintended consequences of widespread immobilization throughout government sites. For instance, savvy Web users may begin to not take the warning messages seriously, trusting that government websites are heavily protected, circumventing the warnings, and thus undermining the general security measures of the Internet.