As the number of days grow during this partial federal government shutdown, U.S. Cybersecurity weakens. The safety of our nation is more at risk to cyber attacks as the federal Cybersecurity division remains understaffed. Concerns arise such that security guidelines by the National Institute of Standards and Technology (NIST) are outdated, intrusions are missed, security weakens when passwords are reset, and skilled unemployed staff migrate to private companies.

A few important keywords deciphered to give you some background:

• National Institute of Standards and Technology (NIST) – a division of U.S. Department of Commerce that provides measurements and standards for a vast amount of products and services that rely on technology.
• TLS Certificates – Transport Layer security is an updated and more secure version of Secure Sockets Layer (SSL) that uses a form of encryption comes in pairs of keys. One key encrypts data and can only be decrypted with the paired (second) key. that to provide end-to-end security of data sent between applications over the internet to ensure privacy of messages or data sent.
• Backdoor – in terms of hacking, it is a secret and undocumented path that allows hackers to illegally access a network, system, or application.

Outdated NIST Security Guidelines

Due to government funding, the Cybersecurity division NIST was left understaffed and security guidelines outdated. Many security companies depend on NIST guidelines as a standard to:

• Determine security tools required to test systems for vulnerability and reconnaissance
• Develop security technology and encryption plans to protect systems from cyber attacks
• Design and implement security measures to respond and resolve cybersecurity attacks

When visiting their website, companies have been left in the dark and greeted with the following message:

Undetected Infiltration’s

A backlog of log files to be reviewed is piling up. Because of time limits, there is a probability that old log files may never get analyzed for successful infiltration’s. As the shutdown extends, this allows plenty of time for hackers (or cyber attackers) who successfully infiltrated government networks to perform malicious actions and create a backdoor, giving hackers the ability to re-access the network after government operations have resumed.

Security of Password Resets

People forget passwords, especially if it hasn’t been used for a month. Password resets are likely to be enforced when employees return to work. If a hacker already established a backdoor or deployed malicious software, regardless if a password reset is enforced, old passwords and new passwords would be easily available for hackers.

In a different scenario: if hackers did not successfully infiltrate or deploy malicious software. It is a likely possibility that the requirements for password resets may be less strict, allowing employees to re-use old passwords or require fewer characters. These are examples of bad security policies for password management as hackers know people re-use passwords and fewer characters mean weak passwords and fewer attempts to match passwords

Difficulty Filling Vacant Government Cybersecurity Positions

Because of politics, the shutdown has left many employees without a paycheck. A number of them have sought out employment with private agencies in fear of not having a steady paycheck, missing out on better opportunities, or living the corporate life. A major shortage of cybersecurity professionals already exists in both public and private sectors, thus making recruitment of new talent more difficult for the federal government.

The extended government shutdown thins the ice for U.S. Cybersecurity. We are at risk because of politics, leaving many employees unemployed, and thinning cybersecurity staff. As NIST security guidelines remain outdated, other cybersecurity companies are left at risk to cyber attacks. Infiltration’s are occurring and allowing hackers time to create malicious counter measures to tackle password resets and keep backdoor hidden. Talented cybersecurity professionals who protected the country are left without a paycheck to pay their bills and support their families for their public service.

While politics continue and put the government at a pause, cyber attacks don’t and instead take advantage of this moment. This makes increases the challenge for cybersecurity professionals. In order to improve cybersecurity, these risks need to be considered.

Sources
CBS News – Cybersecurity Risks During Government Shutdown
Venture Beat – 5 Ways The Government Shutdown Is Impacting US Cybersecurity