How the government shutdown is flushing away federal cyber-talent


The true consequences of the government shutdown for information security may not yet have been felt. (credit: Gary Kemp Photography/Getty Images)

The US Federal government is in the midst of the longest gap in funding for many of its agencies in history. As the “shutdown” extends into a second month, the economic impact is mounting for federal workers—including civil servants and government contractors working in IT and information security roles for the government—as well as the communities they work and live in.

Furloughs have had a real impact on the government’s security posture as well. Work at the National Institute of Standards and Technology on a number of initiatives, including work on encryption, has been suspended. Some “non-essential” agencies have had to furlough security teams, leaving them with no way to respond to incidents during the shutdown. Routine maintenance on IT systems, such as patches and updates to websites and server operating systems, is being deferred. And those still at work at agencies operating without a budget are doing so without pay and under financial duress—not exactly an ideal situation for maintaining a top security posture.

“I saw something a few days ago where 100-odd government SSL certs were expiring,” said Chris Eng, Vice President of Research at the software security firm Veracode. “There’s a lot of this sort of ongoing work that’s not even the high-pressure instant response stuff that’s not being done. Imagine if something like a Heartbleed came out tomorrow—what is going to be the capability of government agencies to respond to that when they’re operating on a skeleton crew?”


Biz & IT – Ars Technica