This fall’s weekslong government shutdown only added to concerns about the state of federal cybersecurity—creating the possibility of blind spots or gaps in monitoring while so many workers were furloughed and contributing in general to the already extensive IT backlog at agencies across the government.
“Federal IT workers, they are good jobs, there’s not enough resources for the issues that they have to deal with,” one former national security official, who requested anonymity because they are not authorized to speak to the press, told WIRED. “It’s always underfunded. They always have to catch up.”
Amélie Koran, a cybersecurity consultant and former chief enterprise security architect for the Department of Interior, notes that one of the most significant impacts of the shutdown likely involved disrupting, or in some cases potentially ending, relationships with specialized government contractors who may have needed to take other jobs in order to get paid but whose institutional knowledge is difficult to replace.
Koran adds, too, that given the limited scope of the continuing resolution Congress passed to reopen the government, “no new contracts and extensions or options are probably being done, which will cascade to next year and beyond.”
While it is unclear if the shutdown was a contributing factor, the United States Congressional Budget Office said more than five weeks into the ordeal that it had suffered a hack and had taken steps to contain the breach. The Washington Post reported at the time that the agency was infiltrated by a “suspected foreign actor.” And after years of incredibly consequential US government data breaches—including the 2015 Office of Personnel Management hack perpetrated by China and the sprawling, multi-agency breach launched by Russia in 2020 that is often called the SolarWinds hack—experts warn that inconsistent staffing and reduced hiring at key agencies like CISA could have disastrous consequences.
“When, not if, we have a major cybersecurity incident within the federal government, we can’t simply staff up with additional cybersecurity resources after the fact and expect the same outcomes we would get from long-tenured staff,” says Jake Williams, a former NSA hacker and current vice president of research and development at Hunter Strategy.
Brain drain, Williams says, and any loss of momentum on digital defense, is a serious concern for the US.
“On a daily basis I’m worrying that federal cybersecurity and critical infrastructure protection may be backsliding,” Williams says. “We must stay ahead of the curve.”