Cyberrisk Up Because of Shutdown. Fed CIO Warns Depleted Cybersecurity Force May Not Be Able to Stop Hackers from Infiltrating U.S. Systems.
The U.S. government’s chief information officer, Steven VanRoekel, says furloughs from the government shutdown have reduced the number of cybersecurity staff across federal agencies. This reduction could turn into an open invitation for cybercriminals to take a hack at breaking into federal networks.
VanRoekel told the Wall Street Journal’s CIO Journal, “I worry about cybersecurity in the midst of a shutdown. If I was a wrongdoer looking for an opportunity, I’d contemplate poking at infrastructure when there are fewer people looking at it.”
The government shutdown or partial shutdown (depending on the description you’re partial to) is supposed to exempt workers critical to national security. But VanRoekel said that the fact was that most federal sites were being run by a “skeleton crew.”
Joel Schectman writes on CIO Journal that with the shutdown imminent, VanRoekel advised that cybersecurity staff who monitored computer networks should be exempted. Despite the advice, most of the staff who specialized in responding to cyberattacks were furloughed anyway. While they could be called back in the event of an attack, VanRoekel says “(the loss of real-time response) is a little bit worrisome for me. I have fewer eyes out there.”
While the Department of Homeland Security has maintained staff who can respond to cyberattacks, VanRoekel says agencies outside of DHS “would have to have skeleton crews and call people in (to deal with hackers.)”
The decision whom to exempt was made on an agency-by-agency basis. Therefore VanRoekel couldn’t determine the percentage of government cybersecurity staff and IT workers who were furloughed.
In an ironic turn, VanRoekel pointed out that “the people I would [ask to assess the percentage of staff who are exempted] are currently not working [because] doing that assessment is not an exempted activity.”
ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.