Government Shutdown Threatens US Cybersecurity as 773 Million Passwords Go Public in Data Breach
As the partial federal government shutdown drags into its fourth week, America’s cybersecurity posture is weaker.
Wired Magazine reported yesterday that the government shutdown is impacting some government agencies’ ability to properly monitor, maintain, and safeguard critical information technology systems, which is leaving our nation more vulnerable to our adversaries’ cyberattacks. Once funding is restored, government cybersecurity professionals will need to mine through weeks-old data to search for threats and scramble to push out software updates and patches that were delayed during the shutdown.
Each Day the Burden Grows Exponentially
For each day the shutdown continues, the burden grows exponentially. The lapse also creates a greater window for adversaries to launch their attacks undetected.
At the same time, a record-setting 773 million passwords were made public last week in a data breach of extraordinary proportions. While there is no reason to suspect a connection between the breach and the government shutdown, the timing is inopportune due to the lack of certain government resources.
The National Institute of Standards and Technology (“NIST”), a non-regulatory federal agency that is responsible for maintaining and publishing key cybersecurity standards and protocols that are utilized by both the private sector and the public sector, is severely impacted by the shutdown.
With 85% of NIST’s employees furloughed and the agency’s funding lapsed, NIST’s website is no longer available. The documentation usually published on NIST’s website, such as the NIST Cybersecurity Framework and NIST’s new password standards that were released in 2017, cannot be accessed.
Routine Cybersecurity Enhancements No Longer Available
Public and private sector organizations that need to consult NIST’s best practices to strengthen their password policies in the wake of the breach – or even to conduct routine cybersecurity enhancements – are unable to do so until funding is restored and NIST’s website goes back online.
Hopefully, a bi-partisan solution to the partial government shutdown will be reached in the near future. But with some leading cybersecurity firms now openly questioning whether the government will be able to competitively recruit and retain top cybersecurity talent, it appears that the short-term and long-term ramifications of the shutdown on our nation’s cybersecurity could be catastrophic.