Jan 8, 2019

The shutdown's cybersecurity costs

Photo: Jorge Villalba/Getty

The government is on hiatus. Enemies of the U.S. are not.

Why it matters: During the government shutdown, essential personnel are exempt from the furlough — so in theory, anyone preventing cybersecurity calamities is still showing up for work. But experts believe the loss of support staff makes the cybersecurity effects of a shutdown bad in the short term and worse in the long term.

The fallout: Consider the difficulty of maintaining security in government networks before a government shutdown. Now try doing that with fewer people.

  • "Defending federal networks is already an act of triage, due to personnel shortages, legacy IT overhang, uneven risk management practices and a hostile threat environment. Furloughs make a hard job even harder," said Andrew Grotto, a former White House cybersecurity adviser for Presidents Obama and Trump and a current employee of Stanford's Hoover Institution.
  • While critical personnel are still on duty during a shutdown, he added, "What that means as a practical matter is that these people have to do even more than usual."

Those problems will stick around after the shutdown. It's likely, say multiple former federal employees Codebook spoke to, that federal networks will fall behind on basic hygiene tasks.

  • "Government shutdowns tend to affect support activities disproportionately, such as hiring or vetting contracts. Thus, over time, personnel slots will go unfilled and contracts will expire, making it difficult to sustain the workforce or upgrade equipment," noted Michael Daniel, former White House cybersecurity coordinator and current president and CEO of the industry group Cyber Threat Alliance.

In the long term, this could do irreparable damage to the federal government's ability to hire cybersecurity talent.

  • The unemployment rate for trained cybersecurity personnel is famously at 0%, the private sector pays better and the only advantage the government has in hiring is the importance of the work and the gratitude of a nation.
  • Willingness to shutter the government doesn't speak too highly to the perceived value of the job or its employees.
  • *Government people go to work because of the mission, and we’re kicking them in the teeth," said Phil Reitinger, president and CEO of the Global Cybersecurity Alliance.

Departments devoted to cybersecurity policies will grind to a halt.

  • The National Institute of Standards and Technology, which is developing a widely awaited privacy framework, is seeing its staff reduce to 49 out of its normal cohort of roughly 3,000 employees.
  • The Department of Homeland Security's newly christened Cybersecurity and Infrastructure Security Agency will be without a substantial amount of support staff. By DHS' tally, 43% of the workforce — over 1,500 employees — are furloughed.

Security-related investigations and prosecutions at the FBI and Department of Justice will continue with all employees carried over.

The bottom line: Furloughing cybersecurity staff creates both short-term and long-term vulnerabilities.

  • "Cyber threats don’t operate on Washington’s political timetable, and they don’t stop because of a shutdown," said Lisa Monaco, former assistant to the president for homeland security and counterterrorism.

Go deeper: The fear of a painful shutdown is kicking in

Editor's note: This story has been updated with Phil Reitinger's statement.

Go deeper

Axios
Updated 38 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 4 p.m. ET: 12,813,864 — Total deaths: 566,790 — Total recoveries — 7,046,535Map.
  2. U.S.: Total confirmed cases as of 4 p.m. ET: 3,286,025 — Total deaths: 135,089 — Total recoveries: 995,576 — Total tested: 39,553,395Map.
  3. States: Florida smashes single-day record for new coronavirus cases with over 15,000 — Miami-Dade mayor says "it won't be long" until county's hospitals reach capacity.
  4. Public health: Ex-FDA chief projects "apex" of South's coronavirus curve in 2-3 weeks — Coronavirus testing czar: Lockdowns in hotspots "should be on the table"
  5. Education: Betsy DeVos says schools that don't reopen shouldn't get federal funds — Pelosi accuses Trump of "messing with the health of our children."
Go deeper (<1 min. read)Arrow
Jacob Knutson
46 mins ago - Politics & Policy

11 GOP congressional nominees support QAnon conspiracy

Lauren Boebert posing in her restaurant in Rifle, Colorado, on April 24. Photo: Emily Kask/AFP

At least 11 Republican congressional nominees have publicly supported or defended the QAnon conspiracy theory movement or some of its tenets — and more aligned with the movement may still find a way onto ballots this year.

Why it matters: Their progress shows how a fringe online forum built on unsubstantiated claims and flagged as a threat by the FBI is seeking a foothold in the U.S. political mainstream.

Go deeper (3 min. read)Arrow
Fadel Allassan
4 hours ago - Politics & Policy

Lindsey Graham says he will ask Mueller to testify before Senate

Photo: Tasos Katopodis/Getty Images

Senate Judiciary Chairman Lindsey Graham (R-S.C.) tweeted Sunday that he will grant Democrats' request to call former special counsel Robert Mueller to testify before his committee.

The big picture: The announcement comes on the heels of Mueller publishing an op-ed in the Washington Post that defended the Russia investigation and conviction of Roger Stone, whose sentence was commuted by President Trump on Friday.

Go deeper (1 min. read)Arrow