Here we are, right in the middle of the longest government shutdown in US history, many important agencies are either running on skeleton staffing or have their doors closed, their employees furloughed. Sadly, this includes federal cybersecurity staff and support. By Department of Homeland security tally, 43 percent of the workforce " over 1,500 employees " are furloughed. This creates opportunities for not only immediate risk but also risks that will likely be with us long after the shutdown is over.
SecurityToday magazine asked Guy Franklin, the GM of SOSA, a global innovation platform with a network of over 150 multinational corporations and investors recently selected by the New York City Economic Development Corporation to develop this Global Cyber Center, for insights into what could happen if the government shutdown lasts months, or even years, as President Donald Trump has been quoted as saying.
Franklin pinpointed three risks that are evident as the government shutdown continues:
- Retaining talent
- Lasting effects of the shutdown after the government is running again.
The Government Shutdown Is an Invitation to Hackers
Franklin explains that the continued shutdown tells the bad actors that our country is not currently putting full efforts into national security, including the security of our networks and data. "When adversaries detect that a nation isn't operating at full-power, they often increase their attempts to breach its systems," Franklin said. "Although there will always be members on the ground during a shutdown, those numbers fall far short of what is necessary to meet national security standards. The reduction in available personnel harms the country's ability to protect its assets, including vulnerable energy grids, financial information, military bases, and telecommunication networks."
Cybersecurity Talent will Become Even Harder to Retain
The government shutdown may force federal cybersecurity experts to rethink the line of work they're in. Why continue to work when you aren't being paid? Here's what Franklin had to say: "With two government shutdowns last year alone, the prospect of repeated shutdowns and staffing fluctuations is highly likely and has an impact on workplace morale and retention of government cybersecurity workers," Franklin said. "Morale drops at even the warning of a government shutdown, extending its impact beyond an actual government shutdown, itself. Over time, the lack of prioritization of personnel will cause employee vacancies to linger, creating both short and long-term problems potentially beyond repair. Almost 2 million cybersecurity jobs will go unfilled by 2022 according to the Global Information Security Workforce Study conducted by Frost and Sullivan and the International Information System Security Certification Consortium."
Vulnerabilities Will Remain Long After the Shutdown Ends
Even after the shutdown ends, the state of national security will remain vulnerable. This is due to the fluctuating staff and the lengthy time Cyberthreats have been left un-monitored on a full scale. Research shows that breaches sometimes take days, weeks or years to detect.
"Aside from obvious short-term risks to national security, the longer a shutdown persists, the more exposed a nation becomes," Franklin said. "And with less staff to defend critical national infrastructure from ongoing threats, these impacts can deepen, in some cases beyond repair. Without proper staffing, vital improvements and updates cannot be made. Nations need to look to global teams for support when navigating these types of damaging situations."
The government will also face issues related to long-term planning, said Robert Silvers, a cybersecurity partner at law firm Paul Hastings and a former top cyber official at DHS: "The problem is that strategic planning gets put on ice. Proactive outreach to companies, local law enforcement, international partners, procurement of new technology- it's all frozen," he said. "It would be like keeping the military operational but halting weapons purchases and maintenance. It's corrosive in the long run and impedes progress in an area where we already have a lot of work to do."
Even some of the most critical resources on the Internet have been taken offline by this shutdown. The National Institute of Science and Technology maintains catalogs of government cybersecurity standards that are essential for maintaining webpage up-time and HTTPS certificates. With 85 percent of their staff sitting at home, security certificates will expire and websites will be taken down.
When resources like these are unavailable, the Internet becomes a manifestly less safe place to spend time. That's the LAST thing any of us want!