Shutdown Weakens Recruitment More Than Cyber Defenses, Ex-DHS Officials Say
Though critical cyber offices at the Department of Homeland Security are understaffed because of the partial federal government shutdown, DHS can manage its duties for now, former department officials told us. The bigger issue is that a dysfunctional government makes the public sector less attractive to cyber professionals, who already have more incentive to work in the private sector, they said.
DHS will be “OK” with limited staffing levels, said vArmour Chief Cybersecurity Strategist Mark Weatherford. The former DHS deputy undersecretary-cybersecurity noted, however, the shutdown is “degrading” the federal government’s ability to address cybersecurity, one of the most critical issues facing both sectors. “We need to get people back to work,” Weatherford said.
DHS’ newly created Cybersecurity and Infrastructure Security Agency (CISA), which defends U.S. critical infrastructure against cyberthreats (see 1811160045), is operating with about 57 percent of its full staff, per an agency shutdown plan. The National Cybersecurity and Communications Integration Center, the U.S.’s cyber incident response hub, is operating with 80 percent, a DHS spokesperson said. Furloughed personnel are almost exclusively administrative and support staff.
Staffing levels aren't ideal, but experts are more concerned about the impact on competition with the private sector for cybersecurity talent. Companies have been opportunistically advertising that workers who join the private sector won’t need to worry about future furloughs, said Weatherford.
Federal cyber risks associated with the shutdown have been “wildly overstated,” said Center for Strategic and International Studies Senior Vice President James Lewis. If the shutdown continues for more than a few weeks, it could create new opportunities for Russian and Chinese hackers, he said, noting employees working from home are particularly susceptible because their machines are typically less protected. “Government networks shouldn’t be getting much use, so if anything, they might be easier to defend with a skeleton staff,” Lewis said.
The shutdown disrupts work on protecting federal systems and increases the risk of cyber harm to networks, said Open Technology Institute Surveillance and Cybersecurity Policy Director Sharon Bradford Franklin. It also compounds the problem that an already strapped agency like the FTC can’t possibly address all consumer-related issues across the economy, she said. The FTC continues to not respond to media inquiries during the lapse in funding, which began there after Dec. 28 (see 1812270042).
Several FTC Office of the Chief Information Officer employees are exempted from furlough to ensure agency IT infrastructure security and the ability to complete “essential law enforcement actions,” said the agency’s plan. It describes how employees need to power off systems to protect infrastructure and data.
Unmonitored networks provide a “ripe” environment for malicious targeting by hostile actors, CyberVista Chief Cybersecurity Officer Simone Petrella emailed. “While not a perfect solution, the FTC dismantling some of their infrastructure appears to be an attempt to mitigate against this threat.”
Nearly half of DHS CISA staff are furloughed, but that's mostly support staff, said Red Branch Consulting founder Paul Rosenzweig. The former DHS deputy assistant secretary said minute-to-minute impacts of having a smaller staff aren't as concerning as issues like procurement, with major acquisitions likely delayed. He agreed this makes the public sector less attractive to potential employees: “Google pays four times as much.”