The partial government shutdown in the US is impacting the agencies and services adversely. Now, cybersecurity has also become a part of that lengthy list.
Several significant personnel of defense and law enforcement were required to work even without payment. Some cybersecurity agencies have reduced staff and are managing somehow.
The National Institute of Standards and Technology (NIST) and Cyber-Security and Infrastructure Security Agency formed by the Department of Homeland Security are among the agencies which are working with reduced staff.
Threat factors are continuously increasing due to the impasse on border security. Huge resources and full capabilities of the federal government would be required to prevent them from conducting malicious activities against the private and public sector targets.
Some effects of the shutdown are short termed. For instance, as per reports, TLS certificates of around 130 US government websites have expired. This could lead to security certification lapses.
Other effects of the government shutdown are long term. Following these events, fewer cybersecurity professionals are considering their career when it comes to working with the federal government.
The cybersecurity professionals need to be more vigilant if they are working with government agencies or private companies till the time shutdown continues.
NIST’s Cyber Security Guidelines and Access
NIST website is not working properly ever since the government shutdown on 22 December. Any security professional who has visited the website is aware that it has not been updated due to lack of government funding. Cybersecurity documentation is also on hold.
These cybersecurity standards are used by the security professionals of the private sector. They use them as a framework to architect the security program of the organization. This includes which security tools are to be used and how the security technologies must be implemented like encryption schemes. No access to such documents adversely affects the ability of the company to implement and develop robust security measures.
Those who make the effort to follow appropriate measures and guidelines won’t be able to do so.
Difficult to detect the Attackers
The professionals of the security department will have a huge backlog of threat alerts and log files to review when the shutdown period is over. There are high chances that the recent alerts and log files will be given priority over the older ones. So it is highly likely that the older ones may never get reviewed due to time constraints.
Weakened Security due to Password Resets
It won’t be easy for the furloughed workers to remember their passwords when they join back. This would lead to thousands of password resets. Otherwise, also, the employees would be required to change their passwords at regular intervals.
The password management policies may be relaxed by the help desk to deal with password reset requests. These policies may be convenient for the employees, but they will ultimately weaken the security system.
Difficult to fill Cyber Security positions of the Government Sector
The government shutdown will make the recruiting efforts even more difficult. There is already a shortage of cybersecurity talent across the private and public sector. It is difficult to find qualified security workers and harder to retain them. Any security professional would have an easy choice between the steady pay-check offered by a company or work for weeks without pay working for the government.
The shutdown is also hurting the morale of the cybersecurity professionals working in the current federal government. The security professionals are dedicated, talented and keep public service as their priority. But they also got bills to pay. These professionals have enough challenges to face each day, apart from their pay.