Shutdown may make cybersecurity attacks easier for hackers
WASHINGTON — The partial government shutdown may be making some key federal departments and agencies running with skeletal staffs more vulnerable to cybersecurity breaches, experts said.
Meanwhile, the House Homeland Security Committee, which oversees the Department of Homeland Security, said it remains in the dark about how the shutdown has affected the department’s mission to safeguard critical infrastructure from cyberattacks.
“With so many cyber activities reliant on highly skilled contractors required to augment government personnel, government shutdowns significantly degrade the ability of the government function to meet all of their cyber mission requirements,” said Greg Touhill, president of Cyxtera Federal, a company that provides cybersecurity services to the federal government.
He cited security operations, software patching and penetration testing as “essential functions” deferred because of the shutdown.
Even when federal departments designate security operations centers as critical during a shutdown, “they still have gaps covering mission-essential tasks, and many of the smaller agencies affected by the shutdown are unable to maintain the full 24x7 watch coverage,” said Touhill, a retired U.S. Air Force officer who served as the first U.S. federal chief information security officer in 2016.
Departments and agencies affected by the shutdown include the departments of State, Homeland Security, Agriculture, Commerce, and Housing and Urban Development, as well as the Environmental Protection Agency, the Internal Revenue Service, the National Institute of Standards and Technology, and the National Park Service.
Many of those are on the “hit-list for hackers, organizations that specialize in high-end security intrusions, and nation-state actors,” said Tom Gann, chief of public policy at security research firm McAfee.
Cybersecurity at these agencies and departments could be degraded because lower-level government employees who bear the brunt of the shutdown often are on the front lines of basic computer security monitoring work, Gann said. A significant part of cybersecurity work at agencies is performed by contractor employees who are also off because they are not getting paid while the government is shut down, Gann said.
Absent employees could mean that agency computers go without needed security updates and lack the ability to detect network intrusions in a timely manner. “The first 24 hours between a hack and detection is vital,” Gann said. The sooner a hack is discovered, the easier it is to prevent damage from spreading, whereas “the longer a hack persists, the deeper it can infect,” he said.
Cyxtera’s Touhill said that during the closure, “skilled people qualified to respond to the alerts/alarms may not be in place or even available due to the shutdown.”
Nation-state hackers could also gain insight into which U.S. computer networks are considered vital and therefore functioning during the shutdown by comparing that picture with all the networks that are seen to be working during normal times, Gann said. “A foreign intelligence organization can deduce from that who matters and who doesn’t,” he said.