5 Ways the U.S. Government Shutdown Affected Cybersecurity

Posted by Geraldine Hunt on Fri, Mar 1st, 2019

The recent federal government shutdown was the longest in United States history. During the shutdown, 800,000 federal employees were put on full or partial leave. Security experts warned how cybersecurity was impacted by the partial federal government shutdown. Many agencies that many cybersecurity, such as the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology (NIST), were working with reduced staff during the shutdown.

Beyond the dangerous premise that attackers may have been able to take advantage of this circumstance, the cybersecurity challenges of the shutdown can provide important lessons for the private sector as well.

Expired Security Certificates

Trusted security certificates are an essential element of cybersecurity today.  A trusted certificate proves the identity and genuineness of the site to the site visitor.  Without a trusted certificate, users can be deceived by man-in-the-middle attacks or DNS redirects.  A compromised DNS can redirect users to what they think is their bank site, but is simply a ruse by a hacker to steal the login credentials of an unsuspecting user in order to obtain access to their real online bank account.

What does this have to do with the shutdown?  Well, during the shutdown, more than 130 certificates used to protect U.S. government websites expired.  This means that users could have been redirected to other bogus sites.  Imagine if this had happened to the Social Security Administration or IRS.  This shows the importance of keeping your certificates up-to-date and not waiting until the last minute to renew them.  By renewing your certificates in advance, you lessen the risk of an unforeseen event that may prevent you from renewing them at the last minute.

Updating and Patching Were Postponed

The infamous Equifax breach that exposed the personal information of 143 million people was due to a vulnerability for which a patch had been issued months before the attack.  Patching and updating all of your operating systems, applications and firmware is a ritual that provides huge payoffs.  One could argue it may be the most important security task your organization can perform.  It is more than likely that patching and updating got pushed to the side during the shutdown as government departments relied on IT departments that were half-staffed at best.  Due to the relentless level of attacks on government establishments, corporations and MSP’s today, it is hard enough to keep up with it all when running full strength.  It is essential for enterprises today to implement an automated way to ensure that all of their infrastructure and client devices are updated regularly and not rely on manual observation and intervention.

 Password Resets

If you are an IT professional in the K12 education field, then you know what it’s like to have everyone resetting their password at once. That’s because when school starts every year, nearly every returning teacher needs their password reset after having it expire over the summer. It’ss very likely, that many of the government workers returning to their offices needed their passwords reset their first day back as well.  When the help desk is besieged with password requests, it can overwhelm the tech support staff, tempting them to ease password restrictions such as allowing the use of prior passwords or dropping complexity requirements.  But tempting as this may be, the strict enforcement of password policies is critical due to the advanced technologies used in credential stuffing attacks today.  This also highlights the importance of multifactor authentication policies to strengthen the authentication process just in case you are faced with a massive reset need at some point in the future.

Talent Shortage

According to a report released by Gartner on January 17, 2019, a global talent shortage is now the top emerging risk facing organizations today.  It’s fairly standard for US government workers to make less than their private industry counterparts.  The disparity in pay however is usually offset by elevated benefits packages and a more stable work environment as layoffs are rare in the public sector. The short-term hardship of the shutdown, however, may have many talented government workers reconsidering their employment decisions.  Government offices faced personnel challenges after the last shutdown in 2013 which was far shorter, as some valuable talent left for greener pastures and prospective job candidates expressed greater hesitancy to accept employment.  This could be a rare opportunity for companies and private organizations to steal talent away from federal employers.  It also reminds us how invaluable cybersecurity talent truly is today.

Email Permissiveness

 So what do you think the government workers did their first few hours on the job?  Undoubtedly they checked their email, weeks of it, in one sitting.  While many government departments were immune to phishing attacks during the shutdown due to no one being at the office, email vulnerability was significantly increased upon the return back to work.  Face it, when you have to sort through a backlog containing hundreds of emails, it is easy to be less discerning and scrupulous in reviewing them. That’s when a link or malware infected attachment gets clicked, exposing the enterprise to malware, trojans and backdoor attacks.  This is why it’s so critical to have a complete email security solution that not only includes spam filtering but sandboxing and DMARC services as well.  Web filtering also plays an important role as it can serve as a tool to eradicate malware and malicious code that is downloaded as a result of an embedded link being clicked.