14 DAY TRIAL // The shutdown of the United States government has a major impact in many areas and cyber security is one of them.
For instance, Senator Kirsten Gillibrand (D-NY) is planning to propose three bills designed to boost the US’s defenses against cybercriminals and hackers.
“If we’re going to keep America safe we have to invest in cyber security, in the best solutions and best practices,” Senator Gillibrand said.
However, as UBM Tech highlights, Congress has other things on its plate right now so it’s highly unlikely that it will take up any cyber security issues.
Experts from IT security firm Tripwire also make an interesting point regarding the impact of the US government shutdown on cyber security.
Tripwire Director of Product Management Tim Erlin explains that the shutdown has both an immediate and a ripple impact on cyber security. The immediate effect stems from the fact that important security people with not be able to carry out their jobs during the shutdown.
For example, while the government likely sees the national vulnerability database as an essential service, the level of staffing might be reduced, which automatically means that less vulnerability-related information is being added. This makes it more difficult to deal with serious cyber security events.
According to Erlin, the ripple effects are also dangerous. New vulnerabilities are discovered each day. However, during the government shutdown, it’s less likely that they’ll be properly patched.
The longer the shutdown lasts, the more opportunities cybercriminals will have to breach systems.
“Additionally, compromised systems may go for a longer period without detection, allowing an attacker to take more than one step toward their targeted without being noticed. These deeper intrusions are more likely during this shutdown and harder to uncover when the shutdown ends,” Erlin noted.
Head of Tripwire’s Vulnerability and Exposures Research Team (VERT), Lamar Bailey, warns that cybercriminals might take the opportunity to target systems that store information that is vital to national security.
“If I were a hostile nation state, I would start unleashing everything I have right now in an attempt to exploit as much as possible while federal agencies are distracted,” Bailey said.
“In the late 1990′s and early 2000′s, the greatest number of exploits happened over holidays, weekends, and late at night when the IT staff was operating on a skeleton crew. This is no different.”
Tripwire CTO Dwayne Melancon says that several federal agencies have furloughed numerous IT employees, including IT security staff.
“If I were leading an agency right now, I’d place a huge emphasis on retaining adequate security personnel to monitor for suspicious activity and protect systems and data,” Melancon noted.