The Damage A Second Shutdown Will Cause

Just over a month ago, we wrote about the potential impact of the government shutdown on our national cybersecurity posture, which is much like going off on vacation and forgetting to lock all the doors. As expected, the impacts were:

  • Externally visible, such as website TLS expirations and the security risks that come with them.
  • Internally painful, including the inability to effectively respond to day-to-day threats and the vulnerabilities the agencies are still dealing with today.
  • Crippling in the long term, breaking down the confidence of mission-critical government employees and the belief that their careers are secure and that their actions are valued.
    • Some of the critical agencies caught up in the shutdown: the Cybersecurity and Infrastructure Security Agency, the U.S. Secret Service at DHS, the FBI and computer crime prosecutors at DoJ, and Commerce agencies (NIST, NTIA, and the NCCoE).

Even though the shutdown is over, many are still dealing with the financial impact and the potential windows it opened to future security threats. Plus, some of the cybersecurity professionals who were considering a move to the private sector are now making that move. Adding insult to injury, there have been multiple reports recently that many government agencies are in fact less secure than their civilian counterparts.

Yes, there are a number of initiatives underway to directly address the government skills shortage, and some proposals are on the table to expand the country’s artificial intelligence strategy to maintain and advance national security, but that’s for tomorrow.  What about today?

As of Feb 12th, it is still touch-and-go whether the government will be funded after Feb 15th.  Negotiations in Congress could still break down, or the resolution could be vetoed by the president.  So with our cybersecurity at risk, what immediate action should be taken to maintain our country’s CyberPosture? 

Irrespective of whether another shutdown occurs, the various government agencies need to take a step back and closely evaluate their security protocols. They need to identify critical systems and potential vulnerabilities and add them to the set of assets that are monitored and maintained 24x7, independent of what happens on Capitol Hill. During the January shutdown, it was reported that security operations, software patching, and penetration testing all suffered, opening many windows to cyber attacks. Moving forward, agencies must introduce any and all possible security automation to 'keep the lights on,' so to speak, in the event of a repeat shutdown.

Those looking to minimize the risks due to change management delays and manual processes should check out the Cavirin whitepaper, Accelerating Responses to Security Gaps Through Automation.


© 2019 Cavirin Systems, Inc. All rights reserved.