Government Shutdown Could Impact Cyber Security

Thursday, April 07, 2011



A government shutdown would not only cause a reduction in available staff, there would also likely be a temporary shutdown of some IT systems, creating a crisis of prioritization and the possibility that federal cyber security may suffer.

Regardless of well established contingency plans each federal agency maintains, the simple fact that there will be fewer government employees at their posts inherently means there will be an increased level of vulnerability to federal networks.

"Because there are not enough people watching as there was before, the risk profile will be higher if there's a government shutdown," said the national director of U.S. Cyberchallenge, Karen Evans.

The white House estimates that more than three-quarters of a million federal workers may be off the job if Congress fails to pass funding legislation by midnight Friday, but there are no official estimates of how many information networks may also be affected by a partial government shutdown.

According to GovInfoSecurity, both the Office of Management and Budget and the Department of Homeland Security refused the opportunity to comment directly on the possible impact a shutdown might have on federal cyber security.

The DHS did however issue an optimistic statement earlier this week regarding the likelihood there will even be a shutdown, and reitterated the fact that there are contingency plans for such an event in place.

"As a matter of course, DHS plans for contingencies. In fact, since 1980, all agencies and departments have had to have a plan in case of a government shutdown, and these plans are updated routinely. All of this is beside the point since, as the bipartisan congressional leadership has said on a number of occasions and as the president has made clear, no one anticipates or wants a government shutdown," the DHS stated.

Others familiar with the possible effect a shutdown may have on federal cyber security were not as optimistic, such as former Interior Department Chief Information Officer W. Hord Tipton, currently the executive director of the IT certification and education organization (ISC)2. 

"When we put ourselves in state of chaos like this, and this is what it will be, think of the opportunities for striking through the APTs (advanced persistent threats), they can pick and choose the targets with much less security behind them," said Tipton.


Possibly Related Articles:
Budgets Government Cyber Security Advanced Persistent Threats Headlines Network Security DHS Congress Federal
Post Rating I Like this!
Patrick Bryant I am contractor for a Federal Agency employed as a cyber security incident responder. During this shutdown, I am going without pay, and unlike Civil Service employees, there has been no bill passed by the House to reimburse contractors for their lost wages.

This situation creates a very serious danger for our nation caused by a convergence of factors:

1) The information systems of the United States Government are under continual attack from sophisticated and well-funded foreign governments. At this moment, practically no one is working to repel those attacks. We are in fact engaged in a cyber war right now with several nations. And at this moment – no one is guarding the fort.
2) Under normal circumstances, the US Government has a serious shortage of trained personnel to maintain countermeasures to those cyber attacks. Most of the personnel that do exist are now furloughed contractors, who have no hope of reimbursement once they return to work.
3) Since the private sector has a similar shortage of trained cyber security personnel, it behooves those of us who are employed as Federal contractors to seek more reliable employment elsewhere. This will only increase the personnel shortage and exacerbate the risks to the information systems that are an essential part of Federal Government operations.

I have no doubt that several hostile foreign governments are currently celebrating their unfettered freedom to compromise the security and operational integrity of the Federal Government’s computers and networks. And I am challenged to express in words how demoralizing it is to be considered “non-essential” and to be summarily tossed off our jobs and told to eek out an existence without pay.

Those of us who work as cyber security contractors for the Federal Government are generally paid less than our counterparts in the private sector. Patriotism and pride in our mission is a large part of our compensation. But pride and patriotism won’t pay our bills, feed our children, or compensate for the lost wages caused by unreliable employment.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.