Expired certificates likely contributed to one of two data glitches that had California undercounting new COVID-19 cases for more than a week – leading, some believe, to the resignation of the state’s public health director.
“Certificates act as identities for all kinds of machines; they control the flow of sensitive data. When certificates expire applications, servers, containers and algorithms fail,” said Kevin Bocek, vice president of threat intelligence at Venafi.
Beginning July 31, an expired certificate kept California’s centralized reporting system from receiving data from Quest, one of the labs doing COVID-19 testing in the state. That incident followed a glitch caused by a temporary patch applied after a server outage in the centralized system.
“Unfortunately, we should expect these kinds of failures to happen more often because companies have had to make dramatic changes to routine business operations to cope with pandemic and IT and security teams are struggling to keep up,” said Bocek, noting that because “our critical infrastructure is heavily dependent on machines” that require certificates for secure communication “expired certificates were already costing the global economy between $51-72B annually before the pandemic.”
California Governor Gavin Newsom said in a press conference that California was relying on “databases that were never made for the world we live in” and pledged to address what he called “foundational data issues.”
Newsom’s comments came after state Public Health Director Dr. Sonia Angell resigned, presumably as a result of the reporting issues.