Free Cyber Risk Analysis: Your Top Cyber Risks in 3 Clicks

Get Started
Request Demo

The Cybersecurity Impact Of The Government Shutdown Is Not What You Think

down-arrow

There has been a great deal of speculation around the cybersecurity posture of the nation in light of the most recent (and longest documented) government shutdown. I’ve seen two main concerns arise within the cyber community speculating about the impact of the government shutdown:

  1. Limited security personnel during the shutdown
  2. The cybersecurity talent shortage becomes a crisis for the public sector

 

Infiltration during and after the government shutdown

Many experts are noting that due to the weakened state of the government’s cybersecurity teams, they will not be able to defend against a bad-actor breaking in and sitting within government networks after the shutdown ends. This would allow the bad-actor to sit within the federal networks undetected until they decide to truly execute a cyber attack.

While reports indicate that roughly 50% of the newly created Cybersecurity and Infrastructure Security Agency (CISA) has been furloughed as a result of the government shutdown, these teams were drastically understaffed before the shutdown even began. The CISA, newly elevated within the Department of Homeland Security a month before the shutdown started, was still establishing itself before the funding ran out. The sites and networks that the government has deemed of significant importance (primarily .mil URLs) are still under constant monitoring. The primary concern that I’ve seen has been the civilian facing sites - social security, Medicare/Medicaid, and food stamps. The concern around these sites is the SSL certification running out during the government shutdown. The fact is that it is that the SSL certificate is actually the least of the concerns for these organization, the IRS suffered a breach weeks before the government shutdown even began. While yes, skimming is of concern for these organizations, the SSL certification is actually the least of their worries.

Government cybersecurity skills shortage becomes a crisis

One of the greatest challenges facing anyone in the cybersecurity field is the growing talent shortage. Public and private sector organizations have scrambled for talent as cybersecurity is elevated to a board-level issue at private sector companies and it is also drawing more focus in the public sector as well. However, for public sector organizations, this government shutdown will have lasting effects on the interest in government cybersecurity positions but not in the way many experts are thinking. 

The current stance of many cybersecurity professionals is that it will exacerbate an already competitive recruiting market and given the perceived instability of a government cybersecurity position, new entrants will be deterred from joining the workforce. I don’t think this will be the case. New entrants in the job market, namely recent graduates, are more concerned with experience rather than stability. What the shutdown will do is cause a brain drain rather than a recruiting crisis. The retention of current employees will be a greater immediate issue once the government opens following the shutdown. 

NIST proves essential

Within the cybersecurity community, one of the greatest issues that occurred as a result of the government shutdown was the National Institute of Standards and Technology website. The gold-standard NIST Cybersecurity Framework as well as their other portfolio of standards and practices for cybersecurity were inaccessible for the first three weeks of the shutdown. Both public and private sector security leaders alike were blindsided by the lack of access. Losing these gold-standard documentations surpasses talent and team size in terms of cybersecurity risk for the nation.

Despite the government shutdown continuing on, the public outcry over the NIST website going down caused a shift in resources in the government and now the NIST website is at least partially functioning. With the government being one of the more important users of NIST publications, the lapse in access is the greatest threat that we faced as a result of the shutdown.

What the government shutdown really has done for the nation’s cybersecurity

While many members of the industry are concerned with the impact of the shutdown itself, the government shutdown has had a greater longer-term impact. Rather than creating new openings for cybercriminals, the government shutdown has illuminated existing risks that the government faced before the shutdown and caused the industry to react. The government shutdown has acted as a catalyst for the nation to start asking questions about how our government approaches cybersecurity. 

The shutdown has also load tested what about the nation’s approach to cybersecurity is deemed “essential”. It is not simply the personnel, but the resources. More specifically, the NIST resources that, while are shared between the public and private sectors, is critical to the nation’s cybersecurity operations. The longer-term implications of which are that the CISA will need to reassess its relationship with NIST and determine a contingency plan to keep the NIST cybersecurity resources operational in the event of a future shutdown.

You may also like

How to Create a Cyber Risk ...
on June 10, 2024

In today's fast-paced digital landscape, conducting a cyber risk assessment is crucial for organizations to safeguard their assets and maintain a robust security posture. A cyber ...

Critical Capabilities of ...
on June 4, 2024

Continuous Control Monitoring (CCM) is a critical component in today's cybersecurity landscape, providing organizations with the means to enhance their security posture and ...

A NIST AI RMF Summary
on May 29, 2024

Artificial intelligence (AI) is revolutionizing numerous sectors, but its integration into cybersecurity is particularly transformative. AI enhances threat detection, automates ...

Critical Capabilities of Cyber ...
on May 20, 2024

In today's digital landscape, robust cybersecurity risk assessment tools are crucial for effectively identifying and mitigating cyber threats. These tools serve as the first line ...

A Practical Approach to FAIR Cyber ...
on May 10, 2024

In the ever-evolving world of cybersecurity, managing risk is no longer about simply setting up firewalls and antivirus software. As cyber threats become more sophisticated, ...

Unveiling the Best Cyber Security ...
on April 24, 2024

Considering the rollout of regulations like the SEC Cybersecurity Rule and updates to the NIST Cybersecurity Framework; governance and Board communication are rightfully ...