The technology behind this is called SSL or Secure Sockets Layer a standard security technology that safeguards data that is being sent between two systems. It is an implemented set of internet rules (protocol) where data is transferred over a secure connection. This technology prevents criminals from reading and modifying any information shared between the user and the site being accessed. Data shared may include personal details, credit card numbers, and other sensitive information. That padlock that you see or that s in https assures you that hackers would not be able to read the data transferred between you and the site you are accessing.
That feeling of being secure when you see that padlock or knowing that the site you’re going to is safe creates a sense of trust with that site where you feel confident to use the services of the site.
On June 29, 2020, AJ Dumanhug, co-founder of Secuna a PH based cybersecurity company observed that the SSL certificate of www.gov.ph the National Government Portal (NGP) of the Philippines has expired. This posts a lot of danger not only to the government portal but also to the users as it contains government data, information, and services Filipinos could access.
According to the about page of www.gov.ph the “NGP’s design allows Government-to-Government (G2G), Government-to-Citizen (G2C), Government-to-Business (G2B) services in one venue. As an added value, the NGP also helps unify the Philippine Government under a singular online identity.”
It has been four days now since the site’s SSL certificate has expired and as of this posting, you will still get notification from your browser that www.gov.ph is not secure. “Attackers might be trying to steal your information from www.gov.ph (for example, passwords, messages, or credit cards)” pops up when I accessed it using an Edge browser.
The government needs to enable a valid SSL certificate immediately. The SSL certificate has an expiration date to make sure that all information in the certificate is accurate, also it proves that gov.ph is the valid and authentic owner of the domain.
Site owners get notification ahead of the expiration date and even if someone is amiss of his duty to monitor site issues like this, it would just take a few minutes to renew SSL certificate like what happened to me once.
One thing is certain. This incident proves that no one in the government is monitoring this small yet vitally important piece of technology.