The 34-day government shutdown has created huge backlog of unattended security tasks that may take weeks to unclog.
But the lasting effect of the shutdown might be the drain on the institutional knowledge that is likely to happen if key cybersecurity personnel leave government service for the private sector because of the uncertainty over federal paychecks.
Lily Hay Newman reported on the security implications of the federal shutdown for Wired:
…IT managers and cybersecurity analysts will have to dig out from weeks of systems logs and automated threat alert data while also attempting to resume full operations. The bigger the backlog, the harder it will be to catch up.
“Each day multiplies the added impact,” says Michael Borohovski, cofounder of web security firm Tinfoil Security. “It’s going to take even more effort for groups and agencies to get back up and running and get up-to-date with the latest threats and concerns, setting us back significantly.”
The shutdown is even hindering progress on implementing cybersecurity-related legislation. For example, the 21st Century Integrated Digital Experience Act, passed on the day the shutdown started, aims to standardize government websites across agencies and create a baseline for consistent security defenses. The law gave agencies 180 days to meet the requirements. Similarly, the SECURE Technology Act includes deadlines that will now be difficult to meet. Some relate to establishing vulnerability discovery and remediation programs at DHS, while others have to do with supply chain monitoring procedures to tighten oversight of hardware parts in electronics.
