Experts comments below:
Francis Dinha, CEO at OpenVPN:
“With the government shutdown, our country’s cybersecurity is at risk — both in the short term and the long term. The immediate risk is, of course, a higher vulnerability to attack. Without a full support staff, those essential employees still working hard to maintain cybersecurity simply don’t have the resources they need. And while they’re no doubt incredibly skilled at their jobs — and passionate about their work — they’re still human, and expecting them to do the same, or more, work without the support they need is setting us all up for failure. In the long term, this shutdown is doing perhaps even greater damage to our country’s cybersecurity in terms of its workforce. Employees trained in cybersecurity are in incredibly high demand in the private sector; how can the government possibly hope to appeal to the high-level candidates we need if their job security is so deeply at risk?”
Logan Kipp, Technical Architect at SiteLock:
“The partial shutdown of the U.S. Federal Government has resulted in about 1,500 “non-critical” DHS Cybersecurity and Infrastructure Security Agency (CISA) employees being furloughed. The shutdown has caused inevitable delays on the agency’s progress toward becoming a formidable defender against would-be cybercriminals, especially since it has only been operational since last November.
CISA is unexpectedly having to cope with the loss of around 43% of its staff without any real indication as to when they will be able to return. This will undoubtedly impact their ability to implement significant changes and operate with contractors, which is critical when we’re talking about the cybersecurity landscape. The cybersecurity landscape can drastically shift not only between election cycles but on a day-to-day basis, requiring administrative bodies to be able to shift priorities with very little notice, if at all.
In the short term we can take some minor comfort in the fact that during this shutdown “critical” staff continue to work regularly so networks remain protected. Long term as a country we need to agree that cybersecurity is imperative to our national defense. We need to consider setting aside funding provisions specific to cybersecurity agencies such as CISA akin to the Department of Defense whose employees continue to be paid thanks to their budget being approved through a separate act.”