As we continue in our blog series responding to the rash of recent MSP attacks–believed to be launched by state-level threat actors–TRUE Digital Security Analyst Jenna Waters weighs in on the impact of the current US Federal Government shutdown on incidents such as these.
The partial federal shutdown has now lasted a total of 32 days, and the ramifications and impacts are being felt across the nation by furloughed government workers, federal employees working without pay, and closed federal offices. We are becoming more aware of the plights of trained workers who are having to do without paychecks, as well as the impact on the functioning of numerous public agencies. However, it may be a worthwhile endeavor to consider the agencies we are not hearing about in the news–those entrusted with our national security. Certainly, TSA employees calling in with growing frequency is a concern for travelers. However, what about information gathering and handling agencies such as the CIA, NSA, and DIA? How are these agencies faring while many of their civilian employees are either working without pay or not working at all? Even after the government is able to return to normal functioning, what will they have to sift through to get back up to normal functioning? What can be done, on individual and corporate levels, to step up our own awareness and security posture to protect ourselves?
On Wednesday, January 23rd, the FBI released a report stating that the federal shutdown has effectively “eliminated any ability to operate.” According to Laura Sydell with NPR, the Cybersecurity and Infrastructure Security Agency, one of a handful of agencies leading the nation’s cyber defense, has experienced a loss of 1,500 employees. Further, 85% of the National Institute of Standards and Technology–the organization responsible for coordinating government and private sector cybersecurity efforts–are currently furloughed.
Cybersecurity professionals are now speaking out and warning the public that the prolonged U.S. federal shutdown is impacting the cybersecurity of our nation. At least 130 U.S. government websites are operating with expired security certificates, the NIST (National Institute of Standards and Technology–the most widely accepted body of leadership in IT security guidance and standards) website is shut down, and the number of IT professionals monitoring security threat alerts has decreased in every sphere of the government. These are only minor examples of an oncoming tidal wave of security implications.
One accepted fact among security professionals is what experience has taught us: attackers never stop revising and sharpening their tactics and strategies. Nor do they ever cease looking for the next opening, gaps in their targets’ defenses. Even before the shutdown, US-CERT was issuing repeated warnings of known nation-state attacks, such as the rash of MSP breaches affecting scores of private sector clients, which was attributed to Chinese state threat actors. Nation-state attackers in Russia, China, or North Korea are not going to halt their campaigns because our government is at a political stalemate.
In the past, attackers often preferred a “low and slow” strategy, spending months or years conducting reconnaissance and persistence activities to ensure a successful operation and avoid detection. However, the lack of talented manpower capable of identifying the subtle cues of a cyber breach may embolden these groups to worm more deeply into our critical national systems and infrastructure, potentially shortening the timeline for a successful attack on the United States.
The consequences for the nation are real and dangerous, if not entirely tangible to the general public. Even when the government reopens and employees return to work, IT staff will be inundated with 32 days’ worth of backlogged alerts and logs, system updates, vulnerability patches, and critical repairs before the U.S.’s cybersecurity operations may continue at full strength. We may even see a mass exodus of government IT and cybersecurity staff. The dedicated people who defend our country from cyberattacks may take this moment in history to find higher paying, more secure (pun intended) jobs in the private sector, which will exacerbate an already expanding hole in the federal cybersecurity talent pool.
Currently, there is no end in sight for the federal shutdown. It is imperative, now more than ever, that private and public organizations across all industries are vigilant for indicators of a cybersecurity attack. If corporate security projects have been put on the back burner for later in the year, this would be a good time to reprioritize. Decision-makers would be wise to include the potential effects of this shutdown when defining their organizational and operational cybersecurity strategy for at least the next year, likely more. This federal shutdown is brewing the perfect cybersecurity storm, for which the real, long-term ramifications are yet to be seen.
National Public Radio, Shutdown Makes Government Websites More Vulnerable