Government Shut Down Opens Door For Cybersecurity Gaps

The prolonged and ongoing government shut down due to a standoff between President Trump and Congress is affecting more than just 800,000 government paychecks and border walls.  The shutdown is affecting key agencies that control cybersecurity, such as the Department of Homeland Security, and compromised government cyber systems are the root of anxiety for many.

Tom Kellerman, chief cybersecurity officer for Carbon Black, stated that he is not sleeping well in light of the shutdown-caused vulnerability.  With Chinese, Russian, and North Korean cyber sieges in full force, Kellerman says that when the shutdown is called off, the first order of business needs to be compromise assessment and infiltration suppression.

Michael Daniel, CEO of the Cyber Threat Alliance and former White House cybersecurity coordinator, expressed his concern over the threat.  “Like so many areas across the government, over time a shutdown will steadily erode the federal government’s cybersecurity readiness.”  Much of the U.S. government’s science laboratory, NIST, is furloughed for the shutdown duration, and many countries outside of the U.S. depend on NIST’s guidelines on computer security to secure their own systems.  “New policy work is essentially frozen,” says Daniel, “so needed changes or updates to existing policies will not occur, nor will the government develop policies to address new areas.

Some areas of NST will remain in operation during the shutdown, such as the timing infrastructure that is essential for synchronizing computer clocks.  The National Vulnerability Database also remains open.  Also, the U.S. Computer Emergency Readiness Team, which is part of the Department of Homeland Security, is continuing to publish alerts.

Daniel also voiced concerns over the viability of Trump’s new organization- the Cybersecurity and Infrastructure Security Agency (CISA) that was signed into Act in November 2018.  With 45% of its staff furloughed, Daniel feels the new agency will have a difficult time catching up once funding returns. “Over time, personnel slots will go unfilled and contracts will expire,” says Daniel, “making it difficult to sustain a workforce or upgrade equipment.”

More than 80 TLS government certificates for .gov websites have not been renewed, making them inaccessible to parties outside the U.S.  “Dozens of U.S. government websites have been rendered either insecure or inaccessible during the ongoing U.S. shutdown,” says Netcraft, a U.K. anti-cybercrime firm.  “These sites include sensitive government payment portals and remote access services, affecting the likes of NASA, the U.S> Department of Justice, and the Court of Appeals.”

Even the FBI is feeling the pains of a prolonged shutdown.  The Bureau is having difficulty running operations and paying informants.  Failing to pay employees during the prolonged furlough also damages the government’s hiring pool as many government workers will defect to private sector employers that pay more and do not shut down.  Especially in a fast-growing field like cybersecurity.