What the Government Shutdown Teaches Us About Website Security

Since December 22nd, the US government has been shutdown until agreement on the budget is reached.

This, of course, has impacts on many people across the U.S. who use government resources.

One thing that is often overlooked as a result of a government shutdown is websites - specifically the maintenance and updates, including security, of various U.S. government sites.

While the people who manage the government’s websites might not be working, and therefore can’t update the content on the sites, the bigger issue is SSL certificate renewals.

SSL (Secure Sockets Layer) is a security protocol used by a server and a browser when displaying a website. It ensures that all data between the two is encrypted (preventing data hacks, breaches etc.).

In the past two years, Google has made it very clear that having SSL enabled on sites is important for users and a factor on site rank.

More importantly, having a valid SSL certificate is the first line of defense against malicious actors or website hackers who are increasingly targeting government sites.

Unfortunately, with the government shutdown, this is a problem.

With the government in shutdown mode, some .gov sites are currently displaying notifications that no one is managing or updating the content, while others are simply not working because their SSL certificates expired right before or during the shutdown.

With security being more important than ever, what should we all learn from what’s happening with .gov sites right now?

First, Don’t Use These Sites Until They’re Updated

Netcraft has listed a few examples of government sites that are overdue for an SSL renewal, and while there’s not a ‘full list’ of sites that have issues, it’s safe to say any government website should be looked at with a careful eye before you submit personal information (if that’s what you need to do).

Once these site are updated, you should be able to access all files as necessary, and you’ll see this in your browser:

This indicates that an SSL is set up and working (and you can safely use the site).

Set Early Reminders for SSL Renewal

Without being involved, it’s safe to say that the government sites that are having issues could have avoided this security blip if they set earlier renewal reminders for their SSL.

Though you might have payment on auto-renew, it’s still important (and your responsibility) to monitor necessary site updates. This can include SSL, domain renewals, and plugins.

It’s of course simpler if these all hit around the same time of the year, but regardless, set calendar reminders for a few weeks before each of these needs to renew.

Now Is The Time to Read Up On SSL

If you made it this far and you’re still saying “I don’t really get what SSL is,” I’m sure you’re not alone.

With data security more important than ever, and these government sites having issues with their SSL certificates, now is a great time to get up to speed.

Here are a few resources to get you headed in the right direction:

• What is SSL, TLS and HTTPS?

• Video: What is SSL and Why Do You Need it?

• Info about the HTTP Strict Transport Security

• Top SSL Certificates Buyer's Guide

• Google Punishes Insecure Sites, Makes SSL A Standard