Cybersecurity: A Casualty of the Government Shutdown
Cybersecurity Should Never Stop
To protect always-on networks and systems, cybersecurity must be a 24/7 operation. Any lapse in that protection can lead to disastrous consequences as defenses falter and gaps in the armor show themselves to would-be intruders. But what happens when the resources just aren’t there? What happens when a government shutdown impacts the very departments that protect government networks? To be honest, we’re not exactly sure.
Currently, according to a report by Duo, about 45% of the Cybersecurity and Infrastructure Security Agency (part of DHS) has been furloughed, along with approximately 45% of Homeland Security’s analysis and operations staff, and almost 85% of NIST staff. While many organizations affected by the shutdown are running through the last of the budget they already have, it is frightening to consider what will happen as money runs out.
The Ripple Effect
When something major happens, like a natural disaster or shutdown of the government, effects ripple out and are felt for quite some time. Of course, the most immediate effects of the shutdown are felt by government employees who are forced home to sit and wait or those expected to work without compensation until the shutdown ends. Burnout amongst cybersecurity personnel is already an issue, and suddenly being furloughed will only add to that stress. Additionally, those who are well trained and working for the government often are eyeing positions in the private sector. When these same people are home or not getting paid, leaving the government seems like an even better prospect.
During the 2013 shutdown, “There was a bigger exodus than normal,” noted Jake Williams, a former NSA employee who now owns his own cybersecurity company. This is the second big government shutdown in less than 6 years. Those who felt the added strain last time might not put up with it this time. The exodus, as Jake put it, might be even larger this time.
But, as alluded to, the acute effect of people out of work is not the only effect. When agencies shut down, everything they do is paused. FIPS validation sites (CAVP and CVMP), for example, are closed, so devices and software which might have helped all our cybersecurity programs will have to wait to be tested. Anything which slows down the advancement of cybersecurity gives a de facto advantage to those working against us. Plus, many private contractors have had their work equally affected, further degrading the cyber community’s professional representation.
What Happens After?
This is a question which government cybersecurity will have to navigate for quite some time after the shutdown ends. Now that government has been reopened, it’s not as if everything will magically start back up where it left off. There is a backlog of work, probably (most likely) some employee vacancies, and a massive attempt to restore morale. It will take a lot of hard work, and hopefully those who do it will get the support and appreciation they deserve.
Contact Dexter Edward today and learn how our solutions can ease the present pain and propel your organization into the future of cybersecurity.