Getting back in the groove after the longest government shutdown in United States history was only the beginning for those affected by the work stoppage of late 2018. Upon return 35 days later, furloughed cybersecurity personnel were met with expired software licenses and weeks of unanalyzed network activity logs. Not to mention colleagues suffering from burnout.
Cyber risk and operations expert Christopher Kennedy, who spent more than 10 years as a federal security contractor for the U.S. Treasury, Department of Commerce, U.S. Marine Corps and other agencies, describes the potential scene: “As an incident responder, you just found activity that took place three weeks ago, and now you have to quarantine and clean up and fix it when three weeks of damage has already been done. The work is harder and more chaotic and maybe your toolset doesn’t work because a license is expired, plus maybe people’s security clearances have expired. All of those things are added together.”
Even agencies that were funded throughout—like the military and intelligence community—were not immune to the effects of the shutdown, thanks to network connections and interdependencies between agencies. This led cyber experts to warn of new opportunities for foreign adversaries and cyber criminals to try to take advantage of the shutdown due to fewer resources working to defend against security breaches.
“Unfortunately, we know all too well from experience that hackers, especially nation-state sponsored, have a high level of patience and are willing to lie in wait for the most opportune moment to strike,” says Mike O’Malley, VP of strategy at cloud defense firm Radware.
And, let’s not forget about the interests of the public and private sectors. Kennedy adds that one of the public-facing impacts of the shutdown was that web encryption certificates for numerous federal websites expired during the weeks of inactivity. This meant that people trying to access sites such as NASA’s rocket testing portal may have received online warnings that the pages were unsafe or completely inaccessible.
This was undoubtedly a grim reality check for a federal government that had some serious security challenges even before the shutdown occurred. In a May 2018 report, the White House’s Office of Management and Budget (OMB) found that 74 percent of the 96 federal agencies it assessed were in urgent need of digital defense improvements. More than half didn’t have the ability to catalog the software that runs on their systems, and only about 25 percent of agencies confirmed to the OMB that they were prepared to detect and investigate signs of data breaches.
A Post-Shutdown Silver Lining
With the federal government still reeling from the OMB report, the Cybersecurity and Infrastructure Security Agency (CISA) was introduced in November 2018 in an effort to improve cybersecurity across all levels of government and the nation. CISA was formed within the Department of Homeland Security to help coordinate partnerships between the public and private sectors critical to the nation’s security and resilience. These partnerships are intended to provide an environment for the sharing of critical threat information, risk mitigation, and other vital resources.
While the shutdown may have delayed the push to implement CISA, the agency was able to maintain critical operations despite furloughing nearly half of its workers. In one instance, it issued an emergency directive regarding Domain Name System infrastructure tampering across multiple executive branch agency domains. The agency also launched #Protect2020 as an initiative to secure the nation’s election infrastructure ahead of the 2020 presidential election. Those close to CISA consider it to be on target in its mission today despite fallout from the shutdown.
“When the shutdown ended, our professional workforce moved quickly to get us back into a fully operational posture,” says CISA press secretary Scott McConnell. “Currently, CISA is focused on energizing critical partnerships and priorities. Our four cyber-related priorities are election security, federal networks, industrial control systems, and supply chain risk management that includes the China threat and coming 5G technology.”
Although ramifications of the recent government shutdown are still being felt, CISA is poised to step in at a critical time as another layer of defense against digital and other threats. All the while, security professionals say that the shutdown was a prime recruiting opportunity for private firms, and that many government employees and contractors left or plan to leave for other positions.
But let’s look on the bright side here: threats like spearphishing may have been less effective during the shutdown, since furloughed employees weren’t at their desks to check their email.