Your Top Five Cyber Risks in Five Clicks with the Free Cyber Risk Analysis

FREE RISK ANALYSIS
Request Demo

The Cybersecurity Impact Of The Government Shutdown Is Not What You Think

down-arrow

There has been a great deal of speculation around the cybersecurity posture of the nation in light of the most recent (and longest documented) government shutdown. I’ve seen two main concerns arise within the cyber community speculating about the impact of the government shutdown:

  1. Limited security personnel during the shutdown
  2. The cybersecurity talent shortage becomes a crisis for the public sector

 

Infiltration during and after the government shutdown

Many experts are noting that due to the weakened state of the government’s cybersecurity teams, they will not be able to defend against a bad-actor breaking in and sitting within government networks after the shutdown ends. This would allow the bad-actor to sit within the federal networks undetected until they decide to truly execute a cyber attack.

While reports indicate that roughly 50% of the newly created Cybersecurity and Infrastructure Security Agency (CISA) has been furloughed as a result of the government shutdown, these teams were drastically understaffed before the shutdown even began. The CISA, newly elevated within the Department of Homeland Security a month before the shutdown started, was still establishing itself before the funding ran out. The sites and networks that the government has deemed of significant importance (primarily .mil URLs) are still under constant monitoring. The primary concern that I’ve seen has been the civilian facing sites - social security, Medicare/Medicaid, and food stamps. The concern around these sites is the SSL certification running out during the government shutdown. The fact is that it is that the SSL certificate is actually the least of the concerns for these organization, the IRS suffered a breach weeks before the government shutdown even began. While yes, skimming is of concern for these organizations, the SSL certification is actually the least of their worries.

Government cybersecurity skills shortage becomes a crisis

One of the greatest challenges facing anyone in the cybersecurity field is the growing talent shortage. Public and private sector organizations have scrambled for talent as cybersecurity is elevated to a board-level issue at private sector companies and it is also drawing more focus in the public sector as well. However, for public sector organizations, this government shutdown will have lasting effects on the interest in government cybersecurity positions but not in the way many experts are thinking. 

The current stance of many cybersecurity professionals is that it will exacerbate an already competitive recruiting market and given the perceived instability of a government cybersecurity position, new entrants will be deterred from joining the workforce. I don’t think this will be the case. New entrants in the job market, namely recent graduates, are more concerned with experience rather than stability. What the shutdown will do is cause a brain drain rather than a recruiting crisis. The retention of current employees will be a greater immediate issue once the government opens following the shutdown. 

NIST proves essential

Within the cybersecurity community, one of the greatest issues that occurred as a result of the government shutdown was the National Institute of Standards and Technology website. The gold-standard NIST Cybersecurity Framework as well as their other portfolio of standards and practices for cybersecurity were inaccessible for the first three weeks of the shutdown. Both public and private sector security leaders alike were blindsided by the lack of access. Losing these gold-standard documentations surpasses talent and team size in terms of cybersecurity risk for the nation.

Despite the government shutdown continuing on, the public outcry over the NIST website going down caused a shift in resources in the government and now the NIST website is at least partially functioning. With the government being one of the more important users of NIST publications, the lapse in access is the greatest threat that we faced as a result of the shutdown.

What the government shutdown really has done for the nation’s cybersecurity

While many members of the industry are concerned with the impact of the shutdown itself, the government shutdown has had a greater longer-term impact. Rather than creating new openings for cybercriminals, the government shutdown has illuminated existing risks that the government faced before the shutdown and caused the industry to react. The government shutdown has acted as a catalyst for the nation to start asking questions about how our government approaches cybersecurity. 

The shutdown has also load tested what about the nation’s approach to cybersecurity is deemed “essential”. It is not simply the personnel, but the resources. More specifically, the NIST resources that, while are shared between the public and private sectors, is critical to the nation’s cybersecurity operations. The longer-term implications of which are that the CISA will need to reassess its relationship with NIST and determine a contingency plan to keep the NIST cybersecurity resources operational in the event of a future shutdown.

You may also like

Putting the “R” back in GRC - ...
on October 22, 2024

Cyber GRC (Governance, Risk, and Compliance) tools are software solutions that help organizations manage and streamline their cybersecurity, risk management, and compliance ...

October Product Update
on October 17, 2024

The team at CyberSaint is thrilled to announce the latest additions and updates to the CyberStrong solution. To start off, we’ve made it easier to create an assessment and risk ...

Transforming Cyber Risk ...
on October 12, 2024

In today’s complex cyber landscape, managing risks effectively isn’t just about identifying threats—it’s about understanding their impact and knowing how to prioritize ...

Step-by-Step Guide: How to Create ...
on September 23, 2024

Cyber risk management has become more critical in today's challenging digital landscape. Organizations face increased pressure to identify, assess, and mitigate risks that could ...

From Fragmentation to Integration: ...
on September 17, 2024

Organizations are often inundated with many security threats and vulnerabilities in today's fast-paced cybersecurity landscape. As a result, many have turned to point ...

How to Create a Comprehensive ...
on September 9, 2024

Cyber threats are becoming more frequent, sophisticated, and damaging in today's rapidly evolving digital landscape. Traditional approaches to cyber risk management, which often ...