- Cybersecurity experts are warning that the US is at greater risk of attack during the record partial government shutdown.
- A spokesman for the Cybersecurity and Infrastructure Security Agency told Business Insider that it had “ceased a variety of critical cybersecurity and infrastructure protection capabilities.”
- They confirmed that many workers who monitor the nation’s defense systems are off work.
- Experts also worry that systems aren’t being upgraded or repaired and that the absence of so many others could still leave the US at risk.
- “In a stalemate over how best to secure America’s southern border, the Trump administration has endangered the integrity of one of the country’s even more important frontiers,” MIT’s Technology Review said.
The partial US government shutdown is thought to be putting the nation at serious risk of cyberattack, as many employees who monitor the nation’s defense systems are not at work.
In an email to Business Insider, a spokesman for the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, admitted that officials have “ceased a variety of critical cybersecurity and infrastructure protection capabilities” during the shutdown.
He said that an estimated 1,523 of the agency’s 3,531 employees – 43% – were not working during the shutdown.
Workers deemed essential still have to come to work. but experts warn that the staff reduction means that the country is at greater risk of falling victim to a major attack and falling behind in the cyber arms race.
Mike O’Malley, the vice president of strategy at the cloud defense firm Radware, told CBS News that with the shutdown, the US had “laid out the welcome mat to any and all nefarious actors.”
“Unfortunately, we know all too well from experience that hackers, especially nation-state sponsored, have a high level of patience and are willing to lie in wait for the most opportune moment to strike,” he said.
The US has identified Russia, China, Iran, and North Korea as the nations that pose the biggest cybersecurity threats.
MIT’s Technology Review, citing a report from Duo Security, said that said 85% of staff members at the National Institute of Standards and Technology had also been furloughed.
“In a stalemate over how best to secure America’s southern border, the Trump administration has endangered the integrity of one of the country’s even more important frontiers,” MIT’s Technology Review said.
The shutdown is the longest in US history. Thursday is day 27.
It began December 22 after Democrats refused President Donald Trump’s demand that a spending bill to keep the government open include billions of dollars in funding for a wall along the southern US border.
O’Malley told CBS that this had created the perfect situation for hackers.
“Any department that has sensitive information that can be used in espionage or fraud would be hit hardest by an attack, such as the Department of Homeland Security, State Department, and all of the intelligence services,” he said. “The risk is not only for short-term data theft but also injection of longer-term persistent attacks.”
Experts believe the loss of so many staff members creates a risk.
Andrew Grotto, who served as a White House cybersecurity adviser in both the Obama and Trump administrations and now works for Stanford’s Hoover Institution think tank, told the news website Axios that there were already staff shortages when it came to maintaining the security of government networks.
“Defending federal networks is already an act of triage, due to personnel shortages, legacy IT overhang, uneven risk-management practices, and a hostile threat environment,” he said. “Furloughs make a hard job even harder.”
Bryson Bort, the CEO of the cyber defense firm Scythe who is also a fellow at the National Security Institute, also told CBS that the reduced staff in the US’s cyberdefense institutions left the country at greater risk.
“Monitoring is probably not happening at 100% of usual operations, which means that there is an increased chance that malicious activity may not be spotted,” he said.
In a 2018 report, the Trump administration estimated that malicious cyberactivity cost the US economy $57 billion to $109 billion in 2016. It said cyberattacks against critical infrastructure sectors could be “highly damaging” to the US economy.
The shutdown will also hinder the US’s ability to upgrade and repair its defense systems, a former Pentagon official named Dave Mihelcic told CBS. Now the chief technology and strategy officer for Juniper Networks, he used to be chief technology officer of the Pentagon’s Defense Information Systems Agency.
MIT’s Technology Review also noted that workers could seek out more stability, and probably more pay, by quitting for the private sector.
This happened after the 2013 shutdown, the Review said, noting that “the drain on talent was felt for years.”