Has the 35-day shutdown of the federal government left the U.S. dangerously vulnerable to cybersabotage from its overseas rivals?
Robert Knake, a senior research scientist at Northeastern University’s Global Resilience Institute, believes the cybertraffic backed up on government servers will likely overwhelm normal security precautions as federal employees return to their computers.
In a blog post written before the shutdown ended, Knake said the government should have shut down its IT networks early in the crisis to head off just such a catastrophe.
“Right now, millions of email messages are queuing up, waiting for federal workers to return and start the process of plowing through them,” warned Knake in a blog written for the Council on Foreign Relations Digital and Cyberspace Policy Program, where he is currently the Whitney Shepardson Senior Fellow.
“Many thousands are going to be targeted [with] spear-phishing emails from adversaries that are counting on rushed workers letting their guards down in the days after the shutdown ends.”
Knake suggested that if another major shutdown occurs, it will only encourage Washington’s foreign rivals to ratchet up the kinds of tactics that have already been identified as attempts to compromise U.S. security.
“While the defenders of federal networks are facing low morale and are unsupported, I have no doubt that our adversaries are fully supported in their mission to compromise federal networks,” he wrote.
“It’s likely that the postmortem of the next major federal breach will show that the initial compromise occurred during or shortly after the end of the shutdown.”
And another shutdown could very well be in Washington’s future.
The legislation bringing federal workers back on the payroll only commits spending to Feb. 15. President Donald Trump, still bristling over the failure to win concessions from Democrats to allocate money for his border wall, has said it’s a “50-50” chance that a final agreement can be reached—adding that another government-wide freeze was “certainly an option.”
If it does happen again, Knake has three words of advice for the feds operating government IT networks: Shut them down.
“Instead of what appear to be ad hoc decisions on whether and how to maintain web presences, federal agencies should shut down their web servers and thereby reduce the attack surface,” he wrote.
“When funding is reinstated, federal IT systems should be brought back online slowly and deliberately.”
Current federal law allows the government to maintain “essential” functions whenever funding lapses, but America’s dependence on Internet technology is so vast and all-encompassing, from TSA workers to air traffic controllers, it would be impossible to decide which cyber activities take priority, he pointed out.
For that reason, he argued, it’s safer to restrict the operations of all the government’s IT servers to a “bare minimum,” rather than try to determine which should remain open for national security.
“There is an old adage in IT security that the only secure computer is one that is unplugged,” he wrote.
The shutdown, the longest in American history, may also have long-term implications for the government’s ability to maintain the staffing needed to keep its networks safe.
“The shutdown is the best thing that ever happened to recruiters at cybersecurity firms,” Knake wrote. “With savings depleted and credit cards maxed, giving up on ‘the mission’ and taking a private sector role is a lot easier to do.
“I expect any day now that firms will offer starting bonuses equal to the back wages since the shutdown.”