Security & Fraud

Federal Websites’ Certificates Expire During Govt. Shutdown

Websites' Certificates Expire During Shutdown

Add federal websites to the fallout from the government shutdown.

According to a new report in The Washington Post, with the shutdown now dragging into its 27th day, a growing number of websites operated by the federal government are breaking down. That, in turn, is making it difficult for Americans to use online services and is causing their trust in the government to waver.

The paper reported that during this week, several web security certificates owned by U.S. government agencies expired, with the number of outdated certificates jumping from 80 to up to 130 or more. The report cited Netcraft, an internet security firm in Britain, for the data. Netcraft said that online pages of the White House, Federal Aviation Administration, the National Archives and the Department of Agriculture have been impacted by the round of expirations. This comes on the heels of news last week that websites run by NASA, the Justice Department, the federal judiciary and others were impacted by expired security certificates.

Paul Multon, a security consultant at Netcraft, told The Washington Post that the number of websites with expired certificates could be higher than 130. What’s more, he said some of the certificates may have been for several pages. Without the certificates, users will see a warning that the site may have been hacked when trying to access a government agency’s website. Consumers not well-versed in cybersecurity may then think twice about using online services, eroding their trust in the government.

“It’s likely to be a very big, misunderstood situation,” said Chris Vickery, director of cyber-risk research at security firm UpGuard. “My grandmother, she communicates with friends and gets recipes online. If she went to a government website and saw a warning saying ‘This certificate is no good, it could be a bad guy’ — she would freeze up.” While some federal government agencies automate the process of renewing the certificates, many others rely on staff to get the job done. But with the government in a partial shutdown, there is no staff on hand to renew the certificates.



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.