Week ahead: How shutdown impacts cyber world

Week ahead: How shutdown impacts cyber world
© Greg Nash

A partial government shutdown is entering its third day on Monday after lawmakers were unable to reach a deal on a short-term funding bill.

The House passed a monthlong continuing resolution to fund the government, but Senate Democrats opposed the measure, holding out for a fix to protect immigrants brought to the country illegally as children, who could face the threat of deportation.

The blame game heated up over the weekend, with both sides digging in.

Many federal employees deemed "nonessential" are furloughed, meaning they can't come to work. Others deemed "exempt" will report to work, but won't be paid right away.


When it comes to cybersecurity, many federal employees are likely to still report to work. For example, more than half of the employees at the Department of Homeland Security's (DHS) cyber and infrastructure protection wing, the National Protection and Programs Directorate, are expected to be exempt from furlough, according to the department's contingency plan.

Still, many agencies are likely to see their information technology (IT) and cybersecurity departments pared down during the shutdown, which could potentially negatively impact operations. Each agency has a shutdown plan, written in consultation with the Office and Management and Budget at the White House.

"As agencies continue adding to their networks, like cloud and mobile, they are increasing the attack surface that federal [chief information officers] are mandated to defend from cyberattacks," said James Hayes, vice president of global government affairs at cybersecurity firm Tenable. "Being forced to operate at [fiscal] 2017 funding levels, or through a shuttered government, only makes the job of protecting federal networks harder and unnecessarily stalls plans to implement modern IT solutions." 

Lawmakers are also likely to pass another short-term continuing resolution (CR) when they do agree on how to fund the government. Experts and industry representatives have long warned that these short-term funding bills hinder the federal government's ability to invest in information technology and embark on new programs. 

"With the already fragile state of cyber operations at DHS under the current CR, a government shutdown increases the risk factor for the country exponentially, with less eyes and ears working an everyday complex threat," James Norton, a former Homeland Security official and expert in cybersecurity, said. "Yes, there will be essential staff still on site but it is a reduced security forces or skeleton staffs that are left to fight fires."

"Cyberattacks will continue with or without a budget, however, the risks at nonsecurity agencies are even higher, as they are not necessarily prepared to deal with security risk in the cyber world with staffs that may not necessarily be considered essential," Norton added.

With the shutdown in effect, most committee activity will be suspended in the coming week. The House was not scheduled to be in session, but lawmakers stayed through the weekend in case a deal is reached.

One effort that will not be affected by a shutdown is special counsel Robert MuellerRobert (Bob) MuellerAn unquestioning press promotes Rep. Adam Schiff's book based on Russia fiction Senate Democrats urge Garland not to fight court order to release Trump obstruction memo Why a special counsel is guaranteed if Biden chooses Yates, Cuomo or Jones as AG MORE's investigation into Russia's election interference. The Justice Department confirmed that employees with the special counsel's office are exempt from furlough because their paychecks do not rely on annual appropriations.

Cyber-focused events in Washington next week include an address from CIA Director Mike PompeoMike PompeoSunday shows preview: US reaffirms support for Ukraine amid threat of Russian invasion Pence to deliver keynote at fundraising banquet for South Carolina-based pregnancy center Russia suggests military deployments to Cuba, Venezuela an option MORE, who is scheduled to speak at the American Enterprise Institute on intelligence and national security challenges on Tuesday.


In case you missed them, here are some of our recent pieces:

GOP reps demand release of 'shocking' surveillance memo

Kaspersky files injunction challenging government's software ban

'Steele dossier' firm suspected Trump-Russia money laundering

House votes to restore State cyber office, bucking Tillerson

Senators unveil bipartisan push to deter future election interference

Russian hackers move to new political targets

North Korean hacker group linked to cryptocurrency attacks in South Korea

Researchers identify Android malware that can 'spy extensively'

DHS giving 'active defense' cyber tools to private sector, secretary says