PrivacyPartner_876819100_Feature_1920x945

01.17.19

Ongoing government shutdown places U.S. cybersecurity in peril

As the partial government shutdown nears the one-month mark, there is increasing concern that hackers may use the shutdown as an opportunity to infiltrate U.S. government networks.

Last November, President Trump launched the Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency (CISA). CISA’s purpose is to defend the federal government’s computer systems from potential cyberattacks. However, less than two months after its creation, nearly 45% of the agency’s staff has been furloughed due to the shutdown. While some cybersecurity processes can be automated, many others require analysts to evaluate threat reports and determine the appropriate course of action. And even “essential” cybersecurity functions have been hampered by the shutdown, due to a lack of incoming information from other government agencies.

At the National Institute of Standards and Technology (NIST), which sets and updates security and privacy standards for the government and private sector, nearly 85% of employees are furloughed. The Computer Security Resource Center, where NIST posts its comprehensive guidelines for network and account security, is another casualty of the shutdownthe website is currently unavailable.

Routine maintenance and security patching of federal websites has also come to a halt, creating opportunities for malicious actors to break a website’s encryption and insert malware. Since the start of the shutdown in December, HTTPS security certificates for over 80 government websites have expired, including pages maintained by the Department of Justice and NASA.

Aside from direct hacking of federal computer systems, the government shutdown creates an opportunity for hackers to examine network activity and determine which are considered “essential,” in preparation for a future attack. Moreover, the rapidly increasing backlog of unassessed threats and system maintenance has the potential to hinder cybersecurity agencies far into the future, even after this record-setting shutdown finally comes to an end.