, ,

Federal Cybersecurity Faces Setbacks Amid Shutdown

The partial federal shutdown has spurred furloughs at crucial agencies for cybersecurity, including the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA), a Homeland Security Department component.

Eighty-five percent of the NIST staff have been furloughed, for example, and the privacy standards that the agency provides, which private companies and cybersecurity course makers depend on, are no longer accessible on the web. Nearly half of CISA personnel, meanwhile, are furloughed, which may cause the agency to lose critical efficiency when acting on its initiatives.

“What worries me most is the long-term effect of further limiting the pool of cybersecurity people who are willing to work for government,” writes Phil Reitinger in a Jan. 7, 2019 post for the Global Cyber Alliance. “Cybersecurity is a very competitive field, with a significant shortage worldwide of qualified personnel.  In most cases, government cybersecurity professionals could find a higher paying and more flexible job in the private sector.”

Reitinger points out that while network monitoring will continue, and cybersecurity threats will be dealt with, the employees who are performing those functions will operate without pay during the partial shutdown. The efficiency of these workers will also be reduced because of reduced staffing. Finally, the uncertainty of when they will receive their next paycheck might also cause unwanted stress.

Reitinger also stated that the shutdown might not be conducive to retaining talent in a competitive field.

“Faced with little respect, low and uncertain pay, arbitrary disruption, and an inability to accomplish the mission they love, people leave government, and in the future, never work for it in the first place,” he said.

The 2015 Federal Employee Viewpoint Survey explored the correlation between employee engagement and mission-critical operations (MCO) and found that while MCO scores were generally higher compared to non-MCO scores, IT specialists did not give the government high ratings with regard to recruiting, retaining, or training them. These are all lingering issues in government today.

In November 2018, the Trump administration rolled out a program aimed at retraining federal employees to fill open cybersecurity positions in the government. The first application deadline for the Federal Cybersecurity Reskilling Academy pilot program was set for Jan. 11. But the shutdown has delayed those efforts. “Due to the current lapse in appropriations, the application acceptance process for the Cyber Reskilling Academy will remain open,” according to the program’s website.

Technology modernization efforts are also lagging behind due to the partial shutdown. The Technology Modernization Fund (TMF) received $100 million to start modernization projects at various departments in fiscal 2018. According to the TMF website, which was last updated Dec. 12, only two of the six projects that have received awards have spent some of their funding. The two projects, the Housing and Urban Development Department’s (HUD) UNISYS Mainframe Migration and the Agriculture Department’s (USDA) Farmers.gov, belong to agencies that are currently closed due to the shutdown, which could lead to project delays.

A Netcraft report released on Jan. 10 also showed that .gov websites are using more than 80 expired transport layer security (TLS) certificates. According to Symantec, TLS is “the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.” Many federal government websites have been deemed insecure or inaccessible due to failure to renew TLS certificates.

Even lawmakers have expressed concern about this situation.

“How can we ever hope to recruit or maintain IT talent when hardworking government workers are told: ‘sorry, you aren’t getting paid, but you still need to come to work’ or ‘sorry, but no paycheck this week because of politics?’ Rep. Robin Kelly stated in a press release. “Large private sector companies never say this to their employees and these are our competitors when it comes to IT talent recruitment.”

You can find all of GovLoop’s shutdown coverage here.

Photo credit: David Rangel via Unsplash

Leave a Comment

Leave a comment

Leave a Reply