Government Shutdown Could Bench 80% of CISA Staff – Source: www.securityweek.com

Roughly 80% of the staff at US cybersecurity agency CISA may be sent home at the end of the week as a government shutdown looms. 

The US government will partially shut down on Sunday unless lawmakers reach a deal on a funding bill. A shutdown will result in the furlough of hundreds of thousands of non-essential federal employees and the suspension of many services.

The Department of Homeland Security has announced the number of employees that would stay on during a shutdown for each of its agencies. In the case of CISA, which had 3,117 employees as of June 17, only 571 would remain during a lapse in appropriations. This means that more than 80% of its workers would be furloughed.

“Following notification of the lapse in appropriations, the non-exempt CISA staff will need four business hours to complete an orderly cessation of all other activities,” the DHS said. 

A government shutdown can have a significant impact on cybersecurity, including increasing criminal activity, failure to renew digital certificates, failure to deploy security patches, and denting the government’s ability to recruit talent. 

In CISA’s case, the agency plays an important role in protecting the government and the private sector against cyber threats. 

This includes issuing warnings over actively exploited vulnerabilities, helping investigate high-impact cyberattacks, creating guidance, aiding critical infrastructure organizations beef up their security, conducting cyber exercises, and assisting with incident response. 

“The silver lining for cybersecurity in any government shutdown is that most government personnel involved with cybersecurity operations are likely to be classified as essential and will be exempt from furlough. These would include roles like security monitoring and incident response, but generally not roles like security governance,” commented Jake Williams, veteran cybersecurity expert and faculty at IANS Research. 

“The dark cloud is that in many government agencies, large percentages of the tactical security operations work is performed by contractors, who have historically not had the same exemptions to remain in place. In any shutdown scenario, there will be fewer staff available for security monitoring and response,” Williams added.

In the case of CISA, Williams told SecurityWeek, “I think it’s important to distinguish tactical network security operations (monitoring and incident response) from strategic program development and governance. The latter, which makes up the vast majority of CISA’s mission, will almost certainly be furloughed. The former will still see staff furloughed, but what I’m trying to communicate is that we shouldn’t be thinking furloughs mean that security ops centers just all stop functioning because everyone goes home. That didn’t happen in the last shutdown and it won’t happen here either.”

Max Shier, CISO at Optiv, noted, “The furlough affects more than just the government agency workers, it also affects all of the contractors that support the agency as well, as the funding for all contracts would be affected.”

“The longer-term affects could be the difficulty of retaining staff and recruiting new employees as there could be a fear of future furloughs.  This is an extremely important consideration as there are already a shortage of cybersecurity practitioners, and any movement of personnel out of the government vertical could significantly exasperate the problem.  I personally had been affected by a previous furlough when I worked for the Government, and it was one of the determining factors for me to find other work,” Shier added.

Landen Brown, Federal CTO at Symmetry Systems, also commented, telling SecurityWeek, “Gone are the days that looming government shutdowns only impact our government workers’ pay. With top cybersecurity leaders and our presidential cabinet aggressively pursuing the 2023 Cyber Strategy plan, government shutdowns now impact our ability to maintain cyberspace capability and defense. Many cyberspace operators will be absent from critical operations, and those remaining Tier 1 personnel will be tasked with doing the mountainous job of many, often without pay.  Today, our adversaries recognize this. It is of the highest importance that our political leaders come together at this time to avoid granting our adversaries the ability to operate in relative freedom and hinder our ability to be prepared to fight and win our Nation’s wars.”

*updated with comments from Max Shier and Landen Brown

Related: CISA Unveils New HBOM Framework to Track Hardware Components

Related: Faster Patching Pace Validates CISA’s KEV Catalog Initiative

Related: CISA Hires ‘Mudge’ to Work on Security-by-Design Principles

Related: MITRE and CISA Release Open Source Tool for OT Attack Emulation