Federal Government Shutdown Now Impacting Cybersecurity
Cybersecurity professionals are now feeling the pain of the government shutdown.
Cybersecurity experts are starting to show concern about the ongoing U.S. government shutdown. Many say that without federal institutions functioning at full strength ,there is significant pressure on the country’s cybersecurity infrastructure.
“Cyberthreats don’t operate on Washington’s political timetable, and they don’t stop because of a shutdown,” said Lisa Monaco, former assistant to the president for Homeland Security and Counterterrorism, in an Axios report.
For those providing cybersecurity services, the threats are real, especially when federal government agencies are no longer providing intelligence, threat information, cybersecurity advice and support to the nation’s businesses and organizations.
David Tan, CTO of CHIPS Technology Group, echoes many of those concerns with some real world examples.
CHIPS Technology Group’s David Tan
“I have a few clients that do annual policy reviews in January, and we’ve had to delay those conversations since we rely pretty heavily on NIST and most of those resources are offline, Tan told Channel Futures.
The National Institute of Standards and Technology (NIST) is one of the agencencies hardest hit by the shutdown. Duo Security reports that 85 percent of the agency’s staff have been furloughed.
Yet the concerns don’t just end and begin with the NIST; other agencies that play in the cybersecurity game are feeling the pain of understaffing and a lengthy shutdown. For example, The National Protection and Programs Directorate, which helps manage both US-CERT’s Continuous Diagnostics (CDM) and Mitigation and Automated Indicator Sharing (AIS) programs, also has up to 80 percent of its cyber workforce on furlough. US-CERT has become a clearinghouse of cyberthreat data that many cybersecurity vendors have come to rely on as a resource.
“The shutdown has severely limited US-CERT programs,” Tan added. “I’m definitely worried we’ll have less of an ‘early warning’ system for possible threats and vulnerabilities. ”
Other agencies impacted by the shutdown include The Department of Homeland Security’s newly established Cybersecurity and Infrastructure Security Agency, which has furloughed nearly half (43 percent) of its workforce.
While the interruption of services and the reduction of staffers have an immediate impact on cybersecurity initiatives, there might be some long-term damage as well. Many important services and security-related functions remain available, but are operating on short-term cash reserves. The longer it takes for the government to reopen, the more likely that those cash reserves are depleted, which in turn will force agencies to shutter some of these services.
What’s more, many of the problems created by the government shutdown might have a long lasting impact.
“Government shutdowns tend to affect support activities disproportionately, such as hiring or vetting contracts,” noted Michael Daniel, former White House cybersecurity coordinator and current president and CEO of industry group Cyber Threat Alliance. “Thus, over time, personnel slots will go unfilled and contracts will expire, making it difficult to sustain the workforce or upgrade equipment.”
With many solution providers working with federal agencies, there are some concerns to …
… be had — but all might not be as bad as it seems.
“That the federal government is currently shut down does not mean that state governments are not open for business,” said John Heath, directing attorney at Lexington Law, a credit-repair legal firm. “State regulators also have state specific statutes that allow for enforcement and regulation of cybersecurity and compliance at the state level.
“We may see an increase in crime coming from offshore because federal law enforcement may not be investigating these types of crimes during the shutdown,” continued Heath. “With this said, consumers and businesses should take their own steps to protect their data. This would include, but should not be limited to, reviewing credit reports, placing fraud alerts and in some cases credit freezes.”
As the government shutdown continues, more cybersecurity and compliance issues might come to light. Solution providers should institute due diligence and extra vigilance to make sure that they and their clients aren’t impacted by the lack of federal support.
Read more about:
MSPsAbout the Author
You May Also Like