The potential government shutdown in the US could have serious implications for federal cyber programs, including the Cybersecurity and Infrastructure Security Agency (CISA) [1] [2] [3] [4] [5] [6].
Description
If Congress does not pass a budget by the Oct. 1 deadline [4], CISA could face mass furloughs [4], potentially resulting in the loss of 80% of its employees. This would leave the lead U.S. [5] cyber agency with a skeleton crew to respond to attacks on federal agency networks and critical infrastructure [5]. Sectors such as water [1], K-12 education [1], and healthcare [1], which are often targeted by ransomware attacks [1], would be particularly at risk. The consequences could include patients being turned away from hospitals and small businesses closing down [2]. However, there is hope that exceptions could be made for essential CISA employees to minimize the impact on federal cybersecurity operations.
It is worth noting that the last government shutdown in 2018-19 had a chilling effect on national cybersecurity [2], with numerous government web certificates expiring without being renewed [2]. During a government shutdown [1] [2] [3] [4] [5], only a fraction of CISA’s employees would continue working, leaving the majority of the agency’s staff at home [3]. This reduced workforce would limit CISA’s capabilities to urgent and reactive tasks [3], potentially putting critical infrastructure and national security at risk [3]. Experts warn that the longer the shutdown lasts, the greater the chance for adversaries to exploit vulnerabilities and cause significant impact [3].
A reduced staff at CISA means that proactive cybersecurity work [5], such as analyzing threats and communicating with other agencies and the private sector [5], would be limited [5], leaving the country vulnerable to foreign adversaries [5]. While a government shutdown would not be new to CISA [5], it poses challenges in terms of morale and work priorities [5]. CISA has grown rapidly in recent years and has been relied upon to respond to cyber attacks on the government and critical infrastructure [5]. However, a government shutdown may impact employee morale and attrition [5], as the appeal of a stable government job diminishes in the face of uncertainty [5].
Conclusion
The potential government shutdown in the US poses significant risks to federal cyber programs, particularly the Cybersecurity and Infrastructure Security Agency (CISA) [1] [2] [3] [4] [5] [6]. The loss of 80% of CISA’s employees through mass furloughs would severely limit its ability to respond to cyber attacks on federal agency networks and critical infrastructure. Sectors such as water [1], K-12 education [1], and healthcare would be particularly vulnerable to ransomware attacks. The consequences could include patients being turned away from hospitals and small businesses closing down [2]. While exceptions may be made for essential CISA employees, the longer the shutdown lasts [3] [4], the greater the chance for adversaries to exploit vulnerabilities and cause significant impact [3]. The reduced staff at CISA would limit proactive cybersecurity work [5], leaving the country vulnerable to foreign adversaries [5]. Additionally, a government shutdown may impact employee morale and attrition [5], posing challenges for CISA’s future operations.
References
[1] https://www.dhs.gov/news/2023/09/28/fact-sheet-impact-government-shutdown-dhs-workforce
[2] https://www.infosecurity-magazine.com/news/us-lawmaker-government-shutdown/
[3] https://www.meritalk.com/articles/dhs-shutdown-plan-sidelines-79-of-cisa-staff/
[4] https://www.darkreading.com/cloud/government-shutdown-poised-to-stress-nation-s-cybersecurity-supply-chain
[5] https://majordigest.com/tech/2023/09/26/government-shutdown-would-force-cisa-to-furlough-more-than-80-of-staff/
[6] https://www.govexec.com/management/2023/09/democrats-fear-cyberattacks-government-shutdown-looms/390698/