A top House lawmaker, along with former Department of Homeland Security officials, say the partial government shutdown is hampering federal officials’ ability to anticipate and proactively address cyberthreats.
“We can kind of address things as they come, but we can’t look forward and do additional mitigation and other kinds of things that we normally do,” Rep. Bennie Thompson, D-Miss., told reporters Thursday at an event on Capitol Hill on the security implications of the shutdown.
“So if somebody tells us about something or we identify it, we can go after it,” added Thompson, who is chairman of the Homeland Security Committee. “But we can’t plan for the next month or the next three months because we don’t have the capacity to do it with the shutdown.”
Former DHS officials agreed that the partial shutdown, which began Dec. 22 and has 800,000 workers across all agencies furloughed or working without pay, is undercutting the department’s proactive footing on cybersecurity.
“A lot of the day-to-day [DHS cybersecurity work] is happening, it’s the bigger, strategic stuff that’s not,” Caitlin Durkovich, a former DHS assistant secretary for infrastructure protection, told reporters at the Capitol Hill event.
For example, intrusion-detection systems and other important tools for monitoring federal networks for cyberthreats are still in place, and numerous DHS cybersecurity employees are working without pay on those programs. Of the roughly 3,500 employees at DHS’s Cybersecurity and Infrastructure Security Agency (CISA), over 2,000 are still working during the shutdown, according to DHS figures. (Not all CISA employees focus on cybersecurity.)
The concern, however, is that some of DHS’s more anticipatory work, like election-security initiatives and vulnerability assessments of critical systems, are stalled because of the shutdown. Another DHS activity likely on hold is work with allies to ensure an effective response to the next global cyber incident like the 2017 WannaCry ransomware, according to Suzanne Spaulding, a former DHS undersecretary.
Former DHS secretaries are also sounding the alarm about the erosion of the department’s broader security posture.
“From a security standpoint, we are letting our guard down,” former DHS secretary Jeh Johnson said Thursday at the Capitol Hill event. “If this shutdown ended tomorrow, I fear that the damage already done to our security will be months, if not years.”
Johnson was one of five ex-DHS secretaries who wrote to President Donald Trump and lawmakers Wednesday pleading with them to fund DHS’s critical national security mission.
Agencies on the clock to implement DHS directive
While the government’s partial closure has left many agencies short-staffed, DHS officials felt alarmed enough by a recent domain name system (DNS) hacking threat to release an unprecedented emergency directive to federal civilian agencies on Tuesday. The order gave agencies 10 business days to institute multiple security protocols in the face of a suspected Iranian hacking threat.
After CyberScoop reported that at least six civilian agencies are affected by the malicious DNS activity, Rhode Island Rep. Jim Langevin, another top Democrat on the Homeland Security Committee, said he wants DHS to brief the committee on the scope of the threat and the implementation of the order.
Chris Krebs, the senior DHS official who issued the order, said that the directive was implementable despite agencies being short-staffed during the shutdown. However, Langevin and Thompson have expressed concern about agencies’ ability to carry out the order.
“If you don’t have the manpower, it’s almost impossible to get it done,” Thompson told reporters Thursday. “It’s nice to issue it, but it remains to be seen whether they can accomplish it.”
In an aside meant to highlight the unceasing stream of cyberthreats facing federal officials, Thompson said he had received a phishing email at his government address earlier in the week.
The Mississippi Democrat said he didn’t click on the malicious content and alerted authorities to the lure. But the email is but one in a sea of daily intrusion attempts on federal networks – whether the government is funded or not.