,
3 tweets,
1 min read
Read on Twitter
A lot of people have asked me about the story on all the .gov certs expiring during the shutdown: news.netcraft.com/archives/2019/…
The security risk to users is actually very low, since trusting a recently expired cert doesn't in and of itself allow traffic to be intercepted.
The security risk to users is actually very low, since trusting a recently expired cert doesn't in and of itself allow traffic to be intercepted.
The bigger user impact is being locked out of federal services, and of course how it weakens trust in federal agencies to show security warnings to users.
The culprit here is a severe lack of automation across agencies: certificate renewal should never need manual intervention.
The culprit here is a severe lack of automation across agencies: certificate renewal should never need manual intervention.
Automation is critical to modernization, in more than just cybersecurity. And too many federal agencies fail to prioritize automation, or just don't have the skillset to do it.
Expired certificates are just the most publicly visible symptom of legacy infrastructure and process.
Expired certificates are just the most publicly visible symptom of legacy infrastructure and process.
