The nation’s cybersecurity may have dodged a bullet as Congress met Saturday night. passed bill Keep the federal government open for the next 45 days. The stopgap measure was sent to President Joe Biden for his signature.
The government shutdown would have had an immediate and far-reaching impact on many government activities, including the efforts of federal agencies to protect the nation from cyberattacks. Depending on how long the self-inflicted emergency lasted, its ripple effects could have created a crisis for businesses and organizations across the country.
Decline in cybersecurity
“Mass furloughs associated with the government shutdown will reduce cybersecurity across the nation’s software supply chain, including critical infrastructure, transportation, health care, and energy,” according to a statement from Optiv Managing Partner Justin Williams. Dark Reading reported.
In the hours leading up to the potential government shutdown, the Cybersecurity and Infrastructure Security Agency was prepared to furlough more than 80% of its staff, the paper reported. federal news network.
“The ability to provide timely, actionable guidance to partners to protect their networks would have been diminished,” the report said. Department of Homeland Security.
CISA is “suspending both physical and cybersecurity assessments for industry partners, including government and election officials, and is suspending both physical and cybersecurity assessments for industry partners, including government and election officials, and for wealthy cyber sectors that are prime targets for ransomware, such as water, K-12, and healthcare.” It would have been forced to “target poor sectors.” ” officials warned before tonight’s passage of the bipartisan funding bill.
Chris Cummiskey, a former senior official at the Department of Homeland Security, said: “As the number of cyber incidents and attack vectors continues to increase, we as a nation need to understand what it means to keep our cyber agencies at such low levels of activity.” I don’t think I thought about it,” he said. regarding the closure plan,” he told Federal New Network.
good news and bad news
“The good news is CISA’s operational track record, operational scans, and real cyber warriors on the keyboard,” said Matt Hayden, a former DHS and CISA official who wouldn’t miss it. Said.
“The bad news is that there is a lot of collaboration with industry and there are exercises going on with sector leadership, but the nature of the shutdown means that no critical flags will be raised and it will be suspended for however long. There are efforts to be made.” Shutdowns take time. ”
However, there is no guarantee that the country’s protection from cyberattacks will not be at risk again when the government’s temporary funding runs out in November.
“It could have far-reaching consequences.”
“When it comes to cybersecurity, a government shutdown can have far-reaching effects.” Jeffrey WellsCyber risk experts at risk services firm Seven Sigma said in an email.
“The exact impact on cybersecurity during a shutdown depends on a variety of factors and may vary from shutdown to shutdown. These ideas are based on experience with past shutdowns, but it is important to note that the very It highlights real risks. [a] It’s a government shutdown,” Wells said.
“These risks extend beyond the public sector and can impact the private sector, particularly in the area of cybersecurity. “This should serve as a stark reminder that you may be more vulnerable to cyber threats than others,” Wells warned.
Private sector protection
Heather Booker, a cybersecurity expert at 6 Clicks, a cyber risk and compliance firm, said, “Despite our reliance on the U.S. government and its role in protecting cybersecurity, the private sector is There are quite a number of steps that can be taken to protect.” I told him via email.
She said those safeguards include:
- Enhancing good internal cyber governance by having relevant policies, procedures, and internal controls in place.
- Develop and maintain procedures to immediately respond to cyber risks.
- Maintaining cyber-related infrastructure and systems.
practice, practice, practice
All businesses and organizations should consider the impact of future government shutdowns in their crisis management and crisis communication plans.
As you conduct exercises, drills, and simulations, remember to practice responding to these scenarios to ensure your plans work when you need them.
follow me twitter or linkedin. check out my Website or my other works here.