The Government Shutdown will Contribute to more CyberSecurity Hacks

Americans are more vulnerable to cyber fraud and online scams than they were before this government shutdown started

The government shutdown, which was started over an old security issue (a wall), is now causing a growing security crisis in our virtual lives.  Ordinary Americans are already feeling the financial pain of the shutdown and on top of everything else will likely also see a rise in cybersecurity hacks stealing their money and data.

When currently receiving an email from various government departments you are likely to be presented with a somewhat ironic message saying,‘not trusted’. 

Not-Trusted-Certificate
Federal Government is not updating their SSL certificates.

What’s going on here? The government shutdown is causing core parts of our digital security to lapse, as the Federal Government is not updating their digital certificates.

The certificates are beginning to lapse because the staff who normally renew these certificates are not at work. The certification system does a number of things which are essential for government. It ensures email cannot be read by anyone but the intended recipient, ensures your message wasn’t tampered with during transit and allows recipients to confirm your identity as the sender of the message. It is a cornerstone of basic digital security. Without it an email from federal government departments is simply not as trustworthy.

Presumably these same staff don’t just update email signing certificates, so this indicates a more fundamental problem. 

Some may argue that the connection to the outward facing government site being insecure is of little consequence because all the secret stuff happens elsewhere. However, surely, it points to our government’s competence in a critical area.

It is often impossible to fully understand the level of cybersecurity ability that an organization has — simply put you can’t always see inside. So large tech companies engaged in merger and acquisition (M&A) activity (like Google), examine many external indicators, such as (but not limited to) certificate management in order to draw inference around what level of security exists within a company. If fundamental cybersecurity best practices are being adhered to then it is assumed good care is being taken around the data held within that company. If there are no external facing cyber protections, then that would be a cause for concern and further investigation.

Sticky-Note-Password

By this measure it should be inferred that the Federal Government has a spreadsheet called ‘passwords’ sitting on an unpatched computer in the White House with a yellow stickie on the computer saying, ‘password12345’. [Read more about Why YourPassword Can’t be 1234].

Simply put,

Americans are currently more vulnerable to fraud and online scams than they were before this shutdown started. 

The potential to impersonate or tamper with the communications from Federal Officials is a cause of real concern as is the security of citizen-facing payment sites in Treasury and Justice departments.

Whenever the government shutdown ends it will have contributed to the rise in cyber hacks effecting Americans in 2019.