CyberEye

Blog archive
bomb

Is the shutdown promoting a false sense of cybersecurity?

We’re approaching the end of the second week of the federal shutdown and so far there have been no cyber crises. This is the point in the movie where the hero says, “It’s quiet out there. Almost too quiet.”

We should not assume that because we haven’t seen major actions against our IT systems that nothing is happening. If we have learned anything from experience it is that the breaches we don’t see are far worse than the ones we do, and there’s no reason to believe that stealthy intrusions are less likely now that staff, funding and other resources have been cut to the bone.

The United States is the number one target in an ongoing global cyber cold war and that is not going to stop because Congress will not pass a budget.

“It is wishful thinking that in the current environment we are not going to be targeted and that a few people can manage all of that infrastructure,” said Vijay Basani, CEO of EiQ Networks, which provides security intelligence tools and services to the government.

Since Oct. 1, shuttered websites have been sending the wrong message to our enemies and our friends about our commitment to cybersecurity. A particular concern: Online versions of the National Institute of Standards and Technology’s cybersecurity guidance are unavailable and NIST’s work on a cybersecurity framework for critical infrastructure, due Oct. 10, has been halted, unfinished.

Yet our IT systems have not disappeared. Patching and monitoring cannot get the same level of attention as during normal operations and dealing with cybersecurity as a crisis rather than a process is bad policy and bad security.

Essential crews remain at work, but the morale of IT and security professionals still on the job without pay cannot be very good and the prospect of hiring qualified professionals in the future becomes bleaker by the day. What competent worker would choose to go to work for a dysfunctional government that won’t pay its bills as long as there are jobs in the private sector?

Basani warned that the impact of gridlock began even before the shutdown. The sequester cut into budgets before the end of the fiscal year, when  many  procurements and acquisitions are done. And contracts that were in place by the end of the year cannot be implemented, so upgrades and replacement of systems, components and security tools are  delayed. Meanwhile, the Homeland Security Department’s Continuous Diagnostics and Mitigation program, which was to be spurred by the award of 17 blanket purchase agreements in August, has been essentially put on hold until government can get back to business.

In short, as Basani said, “as much as politicians talk about cybersecurity, I don’t think they really understand the implications of the shutdown on cybersecurity.”

The best we can hope for is that those in charge learn from this experience and realize that cybersecurity should be outside the scope of political spitting matches.

The worst we can fear is that nothing is learned because there is no obvious cyber Armageddon and we do not see the cancer working its way through out systems.

Posted by William Jackson on Oct 11, 2013 at 1:00 PM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.