02:00 PM

Shutdown Heightens Cybersecurity Risks, Feds Warn

Federal officials say shutdown is invitation to hackers and puts nation at risk.

Senior federal officials are voicing concern that the partial shutdown of federal operations and the furlough of thousands of cybersecurity and intelligence specialists are an open invitation to hackers to exploit security vulnerabilities.

Federal CIO Steven VanRoekel says he fears the reduced number of cybersecurity professionals on active duty across federal agencies gives hackers greater opportunities to move about within agency IT networks and heightens the risks agencies already face that their systems could be compromised.

"If I was a wrongdoer looking for an opportunity, I'd contemplate poking at infrastructure when there are fewer people looking at it," VanRoekel said in remarks to The Wall Street Journal.


VanRoekel explained that while government shutdown plans exempt workers critical to national security, cybersecurity teams had been reduced to a skeleton crew. If agencies came under cyberattack, specialists could be called in, but the loss of real-time response was a real concern, he told the Journal. "I have fewer eyes out there," he added.

VanRoekel, who oversees but has limited direct control over the $82 billion agencies spend on IT and cybersecurity annually, said he isn't able to assess what portion of the government's cybersecurity or IT workers overall have been furloughed. The decision of which employees have been exempted from the current shutdown is made on an agency-by-agency basis.

"The people I would have do that assessment are currently not working," he said, noting one of the many consequences of the government shutdown and its impact on the White House Office of Management and Budget, where VanRoekel works.

Meanwhile, director of national intelligence James R. Clapper, Jr. warned senators Wednesday that the government shutdown, coming on the heels of this year's sequestration cuts, will "further damage our ability to protect the safety and security of this nation and its citizens." Clapper made the remarks during testimony at a previously scheduled hearing on domestic surveillance before the Senate Judiciary Committee, where Chairman Patrick J. Leahy (D-Vt.) asked intelligence leaders to address the effects of the shutdown.

"I've been in the intelligence business for about 50 years. I've never seen anything like this," Clapper told the senators, according to Roll Call. Clapper said 70% of the intelligence community's employees had been deemed non-essential to their agencies' missions and subject to furloughs.

"Our nation needs people like this, and the way we treat them is to tell them, 'You need to go home because we can't afford to pay you,'" National Security Agency director Gen. Keith B. Alexander told the lawmakers. "From my perspective, it has had a huge impact on morale." Sen. Lindsey Graham (R-S.C.), noting that this is the first government shutdown since the terrorist attacks of Sept. 11, 2001, said the comments of Clapper and Alexander "scared the hell out of all of us," according to Roll Call's account.

"The government shutdown in a post-9/11 world is making this nation less safe," Graham said.

User Rank: Apprentice
10/10/2013 | 5:00:23 PM
re: Shutdown Heightens Cybersecurity Risks, Feds Warn
I am a contractor for a Federal Agency employed as a cyber security incident responder. During this shutdown, I am going without pay, and unlike Civil Service employees, there has been no bill passed by the House to reimburse contractors for their lost wages.

This situation creates a very serious danger for our nation caused by a convergence of factors:

1) The information systems of the United States Government are under continual attack from sophisticated and well-funded foreign governments. At this moment, practically no one is working to repel those attacks. We are in fact engaged in a cyber war right now with several nations. And at this moment -- no one is guarding the fort.

2) Under normal circumstances, the US Government has a serious shortage of trained personnel to maintain countermeasures to those cyber attacks. Most of the personnel that do exist are now furloughed contractors, who have no hope of reimbursement once they return to work.

3) Since the private sector has a similar shortage of trained cyber security personnel, it behooves those of us who are employed as Federal contractors to seek more reliable employment elsewhere. This will only increase the personnel shortage and exacerbate the risks to the information systems that are an essential part of Federal Government operations.

I have no doubt that several hostile foreign governments are currently celebrating their unfettered freedom to compromise the security and operational integrity of the Federal Government's computers and networks. And I am challenged to express in words how demoralizing it is to be considered "non-essential" and to be summarily tossed off our jobs and told to eke out an existence without pay.

Those of us who work as cyber security contractors for the Federal Government are generally paid less than our counterparts in the private sector. Patriotism and pride in our mission is a large part of our compensation. But pride and patriotism won't pay our bills, feed our children, or compensate for the lost wages caused by unreliable employment.
User Rank: Apprentice
10/3/2013 | 7:58:57 PM
re: Shutdown Heightens Cybersecurity Risks, Feds Warn
A neighbor of mine is the lead certified security executive responsible for network and cyber security at an agency that supports first responders. He is among those furloughed this week. From what I can tell, the skeletal crew left in charge lacks the depth or detail to know how to deal with a security breach. My neighbor, being the public servant he is, is always close to his phones (plural). But that doesn't give him -- or me -- a lot of assurance.

Just think: two Marine generals were just sacked for neglecting their base from attack. Who gets sacked IF/when federal agencies get attacked? Sadly, it won't likely be anyone in Congress.