SecurityWeek

US Government Shutdown Creates Serious Cyber Risks: Experts

Government Shutdown Effect on Cybersecurity

Facing Government Shutdown Cybersecurity Challenges Requires Strong Planning, Risk Assessment

It has been nine days since the federal government began sending employees home on furloughs due to the stalemate in Congress.

During that time, some government websites, such as usda.gov, have shut down completely, while others have curtailed their operations while remaining publicly available. In a less visible side effect, NSA Director Keith B. Alexander said Tuesday that the morale of the country’s cybersecurity workforce is suffering.

Unfortunately, during those nine days, it is unlikely that attackers – both sophisticated and not – have taken furloughs of their own – a reality that caused federal chief information officer Steven VanRoekel to tell the Wall Street Journal he was afraid that hackers could seize on the staffing gaps to compromise U.S. systems.

“If I was a wrongdoer looking for an opportunity, I’d contemplate poking at infrastructure when there are fewer people looking at it,” he told the Journal Oct. 2, noting that while critical workers were spared, most federal sites are being run on a “skeleton crew.”

Mitigating the threat posed by this type of scenario for government agencies begins with proper planning and risk assessment, security experts told SecurityWeek.

“A scenario like the one we are experiencing today should have been rehearsed as a part of the business continuity program,” said TK Keanini, CTO at Lancope. “Some agencies have contracted external help and I would guess the same applies to critical Internet Infrastructure but I may be wrong. For those systems still running on a skeleton crew, a known good snapshot taken before the shutdown is insurance to return to a known good state should something happen during the shutdown.”

Organizations should make a list of updates that were released during the shutdown that will need to be applied when people return to work. They should also ensure their detection tools have adequate retention so that any event can be analyzed retroactively, he said.

“It is critical that agencies rehearse these very likely events,” he said. “Roundtable exercises with these scenarios help the agency understand all of the interdependencies and communication channels well before it is a real event.”

The most effective strategies for dealing with a shutdown situation feature a basic inventory of people, assets and processes along with risk scoring of that inventory customized for each organization, said Larry Slobodzian, senior solutions engineer at GRC vendor LockPath.

“In every case, the most effective strategies seem to include two things: leadership involvement and proactive testing/continuous monitoring,” he said. “In the first factor, leaders who show interest in continuity planning, provide clear guidance, monitor key performance indicators, and hold their teams accountable for results have so far enjoyed a quieter and slightly less stressful event.”

Before the shutdown, VanRoekel said he advised U.S. agencies to exempt cybersecurity staff that monitor computer networks for attacks. Still, most of the staff responsible for responding to cyberattacks were furloughed, he told the Journal.

It only makes sense for attackers to try to seize on that opportunity, Slobodzian said.

“For instance, there are fresh vulnerabilities that may not be patched as quickly as normal,” he said. “More sophisticated attacks that require expert analysis to identify may stand out more while authorized traffic is reduced. However, if the expert analysts are furloughed or understaffed the sophisticated attacks may be more successful. Oftentimes it is necessary to undergo the time-consuming task of log analysis to catch a sophisticated attack. A shutdown will require some security teams to limit or delay their analysis of logs, making innovative attacks more likely to succeed.”

With advanced threats, now is a great time to compromise a host and lay low for a while, Keanini said. Attacks are still triggering alerts – just with fewer people around to process security-related events.

“Another weakness during times like this is that people are easily fooled given that nothing is normal,” he said. “Traffic patterns are different, the person staffing the desk may be different, with all this change, social engineering attacks can be very effective.”

The good news is that with less activity, unauthorized or inappropriate actions may be easier to spot. Still, it is important not to underestimate the number of active campaigns attempting to infiltrate government networks, noted Tom Kellermann, vice president of cybersecurity at Trend Micro.

“Every day we deal with this shutdown they move laterally and infest another critical host of the United States government,” he said.

Written By

Marketing professional with a background in journalism and a focus on IT security.
