<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

The Cybersecurity Impact Of The Government Shutdown Is Not What You Think

down-arrow

There has been a great deal of speculation around the cybersecurity posture of the nation in light of the most recent (and longest documented) government shutdown. I’ve seen two main concerns arise within the cyber community speculating about the impact of the government shutdown:

  1. Limited security personnel during the shutdown
  2. The cybersecurity talent shortage becomes a crisis for the public sector

 

Infiltration during and after the government shutdown

Many experts are noting that due to the weakened state of the government’s cybersecurity teams, they will not be able to defend against a bad-actor breaking in and sitting within government networks after the shutdown ends. This would allow the bad-actor to sit within the federal networks undetected until they decide to truly execute a cyber attack.

While reports indicate that roughly 50% of the newly created Cybersecurity and Infrastructure Security Agency (CISA) has been furloughed as a result of the government shutdown, these teams were drastically understaffed before the shutdown even began. The CISA, newly elevated within the Department of Homeland Security a month before the shutdown started, was still establishing itself before the funding ran out. The sites and networks that the government has deemed of significant importance (primarily .mil URLs) are still under constant monitoring. The primary concern that I’ve seen has been the civilian facing sites - social security, Medicare/Medicaid, and food stamps. The concern around these sites is the SSL certification running out during the government shutdown. The fact is that it is that the SSL certificate is actually the least of the concerns for these organization, the IRS suffered a breach weeks before the government shutdown even began. While yes, skimming is of concern for these organizations, the SSL certification is actually the least of their worries.

Government cybersecurity skills shortage becomes a crisis

One of the greatest challenges facing anyone in the cybersecurity field is the growing talent shortage. Public and private sector organizations have scrambled for talent as cybersecurity is elevated to a board-level issue at private sector companies and it is also drawing more focus in the public sector as well. However, for public sector organizations, this government shutdown will have lasting effects on the interest in government cybersecurity positions but not in the way many experts are thinking. 

The current stance of many cybersecurity professionals is that it will exacerbate an already competitive recruiting market and given the perceived instability of a government cybersecurity position, new entrants will be deterred from joining the workforce. I don’t think this will be the case. New entrants in the job market, namely recent graduates, are more concerned with experience rather than stability. What the shutdown will do is cause a brain drain rather than a recruiting crisis. The retention of current employees will be a greater immediate issue once the government opens following the shutdown. 

NIST proves essential

Within the cybersecurity community, one of the greatest issues that occurred as a result of the government shutdown was the National Institute of Standards and Technology website. The gold-standard NIST Cybersecurity Framework as well as their other portfolio of standards and practices for cybersecurity were inaccessible for the first three weeks of the shutdown. Both public and private sector security leaders alike were blindsided by the lack of access. Losing these gold-standard documentations surpasses talent and team size in terms of cybersecurity risk for the nation.

Despite the government shutdown continuing on, the public outcry over the NIST website going down caused a shift in resources in the government and now the NIST website is at least partially functioning. With the government being one of the more important users of NIST publications, the lapse in access is the greatest threat that we faced as a result of the shutdown.

What the government shutdown really has done for the nation’s cybersecurity

While many members of the industry are concerned with the impact of the shutdown itself, the government shutdown has had a greater longer-term impact. Rather than creating new openings for cybercriminals, the government shutdown has illuminated existing risks that the government faced before the shutdown and caused the industry to react. The government shutdown has acted as a catalyst for the nation to start asking questions about how our government approaches cybersecurity. 

The shutdown has also load tested what about the nation’s approach to cybersecurity is deemed “essential”. It is not simply the personnel, but the resources. More specifically, the NIST resources that, while are shared between the public and private sectors, is critical to the nation’s cybersecurity operations. The longer-term implications of which are that the CISA will need to reassess its relationship with NIST and determine a contingency plan to keep the NIST cybersecurity resources operational in the event of a future shutdown.

You may also like

Benchmarking Your Cyber Risk ...
on September 25, 2023

Benchmarking your organization against the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a valuable step towards improving cybersecurity ...

Security Posture Management: The ...
on September 27, 2023

Cybersecurity is a complex and dynamic field, and there are several elements that security teams must continuously monitor and manage to protect an organization's security ...

Stay One Step Ahead: A Guide to ...
on September 1, 2023

Cyber risk monitoring aims to proactively manage and mitigate cyber risk to protect an organization’s valuable assets and sensitive data. This process involves regularly ...

How to Create a Cybersecurity Risk ...
on August 22, 2023

For years, the discourse in IT has been centered around cybersecurity. Yet, with the volume of cyber attacks increasing, professionals have developed a more holistic approach to ...

How to Mitigate Cyber Risks in ...
on August 18, 2023

Supply chains are complex networks of organizations, people, processes, information, and resources, all collaborating to deliver goods and services to end consumers. Due to their ...

Conducting a Cyber Risk ...
on August 11, 2023

Cyber risk has become increasingly pervasive in almost every industry. From the new SEC cyber regulations to industry standards like the NIST CSF and HIPAA, regulatory bodies are ...