Government Shutdown Poised to Stress Nations Cybersecurity Supply Chain

  /     /     /  
Publicated : 23/11/2024   Category : security


Government Shutdown Poised to Stress Nations Cybersecurity Supply Chain


CISA announces it will furlough more than 80% of staff indefinitely if Congress cant reach an agreement to fund the federal government.



The looming US federal government shutdown will put the nations cybersecurity apparatus under intense strain, increasing the likelihood of cyberattacks across the countrys entire software supply chain if Congress does not pass a budget by the Oct. 1 deadline, experts warn.
The US Department of Homeland Security (DHS) updated its plan to respond to the lapse in appropriations that will be triggered in less than three days unless Congress reaches a compromise to fund the federal government. The
government shutdown plan
includes the indefinite furlough of more than 80% of the Cybersecurity and Infrastructure Security Agency (CISA) workforce.
The mass furloughs that would result from a
government shutdown
would degrade the cybersecurity of the entirety of the nations software supply chain, including critical infrastructure, transportation, healthcare, and energy, according to a statement from Justin Williams, managing partner at Optiv.
Threat actor campaigns could run amok without CISAs ability to rapidly share indicators of compromise; supply chain cyberattacks could go unnoticed and spread unchecked beyond government systems; and even simple regulatory and certification functions would grind to a halt in the wake of a shutdown.
CISA provides critical linkages by and between our commercial organization and government, Williams said. This linkage includes support for organizations who are under duress or otherwise dealing with a cyber event or incident, putting commercial organizations and industry sectors at risk when indicators of compromise (IOC) are not shared among the proper groups to slow or stop the movement of adversaries.
Skeleton crews left inside government cybersecurity posts working across the government and beyond CISA are working under intense conditions, according to Roselle Safran, founder and CEO of KeyCaliber. She was the head of cybersecurity efforts of the Executive Office of the President during the 2013 government shutdown, which lasted over two weeks.
When I was at EOP, I had to work the night shift part of the week because the analysts on my team were furloughed, Safran says. It brings lots of stress to those who are working because they are acutely short-staffed and covering the work of multiple people. And it brings lots of stress to those who arent working because they dont know whether or not they will receive pay for the time period.
Reminiscing on her experience, Safran adds, And my daughter is a shutdown baby.
The prospect of a government shutdown should be cause for concern among enterprise security teams, according to Jeffrey Wells, a former cyber czar for Maryland and current partner at Sigma7.
Beyond incident response support, a government shutdown will likely draw the attention of threat actors.
The shutdown can create an environment thats perfect for exploitation by hackers, Wells says. With government resources and response capabilities potentially limited, threat actors may seize the opportunity to target organizations.
In preparation, enterprise security teams should be vigilant about monitoring and threat detection measures, he adds.
Government contractors will be affected by furloughs as well, adding even more potential risk into the software supply chain, Wells says.
To address this, cybersecurity teams should establish alternative channels for reporting incidents and seeking assistance, Wells adds.
A MITRE spokesperson says the longer the shutdown drags on, the more risk to the nations cybersecurity posture, as the contingency operations inevitably become strained.
To help, MITRE recommends any contractors working under federal contracts continue working, to the extent that its reasonable, until they receive a stop work order.
State and local governments may also step in to provide reinforcements to the feds, the spokesperson notes.
In the meantime, MITRE says it will continue to offer its tools throughout the shutdown.
MITREs open frameworks and knowledge bases such as MITRE ATT&CK, Caldera, D3FEND, Engage, ATLAS, Security Automation, System of Trust, CVE, and CWE, to name a few, will remain active and available for cyber defenders to level up their threat-informed defense and stay on top of possible adversary threats and cyber vulnerabilities, the spokesperson says.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Government Shutdown Poised to Stress Nations Cybersecurity Supply Chain