Expired certificate locks US DHS staff out of systems

US Department of Homeland Security employees in Washington and Philadelphia found themselved locked out of a number of agency computer networks on Tuesday, thanks to an expired digital certificate for Windows domain controllers.

In a statement, a DHS official confirmed a network outage had temporarily affected four US Citizenship and Immigration Services (USCIS) facilities in the Washington area due to an "expired DHS certificate". 

Reuters first reported the incident earlier Tuesday, which a source familiar with the matter said also affected a USCIS facility in Philadelphia.

Employees began experiencing problems logging into networks Tuesday morning.

This was due to a problem related to Windows domain controllers, or servers that process authentication requests, which could not validate the personal identity verification (PIV) cards used by federal workers and contractors to access certain information systems, according to the source.

Some employees were able to access systems through a virtual private network. 

It was not clear how widespread the issue was or how significantly it affected daily functions at DHS - one of America's largest government agency whose responsibilities include immigration services, border security and cyber defence. 

The source said the issue stemmed from relatively benign information technology missteps and a failure to ensure network redundancy.

There was no evidence of foul play, the source said, adding that it appeared the domain controller credentials had expired on Monday when offices were closed for the federal Presidents Day holiday.

"We are working to track all device certificate issuance and expirations to ensure future lapses of service do not occur," the DHS official said in the statement.