The government shutdown is now putting an increasing number of federal government websites on the "insecure" list. And some are having other issues, as well.
The SecureWorld team typed in www.doj.gov to check on the U.S. Department of Justice website this morning, and got this message:
And we visited a related U.S. DOJ web address, and this is what pops up:
Click "Advanced" and Google has a message explaining that you cannot bypass this particular warning. In this case, the site is insecure and blocked by Google.
Here is that message:
Certificates are expiring, and there are no employees around to approve their renewal, apparently.
"Consequently, most of the affected sites will display an interstitial security warning that the user will be able to bypass. This introduces some realistic security concerns, as task-oriented users are more likely to ignore these security warnings, and will therefore render themselves vulnerable to man-in-the-middle attacks," says Netcraft.
SecureWorld reported a couple of weeks ago about the high percentage of NIST workers furloughed during the shutdown and a notice that its website "is not being supported" and often "not available" during this time.
Now we know this lack of support is impacting more than just new content, it is also shutting off a key piece of website cybersecurity on many federal websites.
We can already imagine this as a point of discussion in 2019 among InfoSec leaders. Hopefully, this does not train people on your network to ignore these types of warnings in the future.