Government shutdown lays out "welcome mat" for hackers, security experts warn
By Dan Patterson
/ CBS News
Cybersecurity experts are worried that the United States is at greater risk of cyberattack due to the federal government shutdown.
Maintaining the nation's robust cyber-defense infrastructure—including hardware and software systems—relies on thousands of now-furloughed employees. With fewer trained professionals monitoring U.S. digital systems, the country is at greater risk of attack, data theft, and falling behind in the cyber arms race, experts say.
"We have laid out the welcome mat to any and all nefarious actors," said Mike O'Malley, VP of strategy at cloud defense firm Radware. "Unfortunately, we know all too well from experience that hackers, especially nation-state sponsored, have a high level of patience and are willing to lie in wait for the most opportune moment to strike."
A large percentage of workers at two of the nation's most important cyber-defense agencies are not working due to the partial government shutdown. According to the MIT Technology Review, approximately 45 percent of employees at the Cybersecurity and Infrastructure Protection Agency, a part of the Department of Homeland Security, and 85 percent of staffers at the National Institute of Standards and Technology, the department in charge of maintaining cybersecurity standards, are on furlough.
And a government shutdown, he said, is the perfect moment to strike. With our defenses down attackers will try to quietly exfiltrate data or plant malware that snoops on U.S. computer systems.
"Any department that has sensitive information that can be used in espionage or fraud would be hit hardest by an attack," O'Malley said, "such as the Department of Homeland Security, State Department, and all of the intelligence services. The risk is not only for short-term data theft but also injection of longer-term persistent attacks."
Short staffing also leaves the IRS exposed to hostile and covert cyber activity, said Bryson Bort, CEO of cyberdefense firm SCYTHE and a fellow at the National Security Institute. Cyber vulnerabilities at the IRS could prevent millions of Americans from receiving their tax refunds on time.
"Monitoring is probably not happening at 100 percent of usual operations, which means that there is an increased chance that malicious activity may not be spotted," said Bort, noting "the timing of the shutdown right as we move into tax season."
Bort is primarily concerned with two interconnected types of threat actors: for-profit hackers and organized nation-state groups. For-profit hackers will either want to sell data back to nation-states, or are looking for personal identity records to use in fraud and identity theft. Nation-state actors may include "China, Iran, Russia, and North Korea," said Bort. "But I don't think they will 'attack.' I do think this is a good opportunity to step up iterative campaigns to compromise, gather intelligence, and place something quiet for the future."
A cyberattack or data breach targeting government agencies during the shutdown could also cost taxpayers millions of dollars. In its annual data breach analysis report, IBM estimated the average total cost per breach to businesses was about $3.86 million in 2018, up 6.4 percent from the previous year. The cost to the government could be significantly higher because without proper monitoring during the shutdown, digital holes could persist for weeks or longer.
The shutdown will also impact agencies' ability to upgrade existing systems, repair hardware, and build new cyber defense capabilities, said Dave Mihelcic, chief technology and strategy officer for Juniper Networks and the former chief technology officer of the Pentagon's Defense Information Systems Agency.
"Many projects were likely already on hold due to the continuing resolution affecting numerous agencies," said Mihelcic. "With the shutdown, even previously funded efforts have been slowed. For example, the upgrading of desktop operating systems to the most recent and secure versions. The shutdown could have lasting impacts in the cyber-readiness longer term."
Ray DeMeo, co-founder and COO of cyber-defense firm Virsec, is concerned that the government shutdown could have negative long-term consequences on government staffing and recruiting for important cybersecurity jobs in the future. These jobs, DeMeo says, keep Americans safe.
"Even at full capacity, resources are at a bare minimum for the mountain of work at hand just to get the government's IT infrastructure up to minimum levels of resiliency, all while working against the nonstop firehose of hour-by-hour attacker assaults," DeMeo said. "Attempting to parse critical and non-critical cyber personnel is not possible. It's quite literally dismissing the people who are building your fort while you are in the middle of fighting a war."
First published on January 16, 2019
© 2019 CBS Interactive Inc. All Rights Reserved.
Dan Patterson
Dan Patterson is a senior producer for CNET and CBS News. He covers the tech trends that shape business, politics, and culture.
Government shutdown lays out "welcome mat" for hackers
Trained staffers at the nation’s most important cyber-defense agencies are not working due to the partial government shutdown.
updated 1M ago 
Iran claims U.S. holding Iranian state TV news anchorwoman
FBI has not confirmed or denied that U.S.-born Marzieh Hashemi was detained as she arrived in St. Louis to visit family
updated 12M ago 
Uncertainty on Wall Street is at a record high
A key measure of global economic uncertainty hit its highest level ever this month amid all kinds of worrisome news
updated 26M ago 
NY eateries cut staff hours as minimum wage hits $15
Many owners also report eliminating positions and raising prices, but others find different ways to offset higher pay
updated 22M ago 
Transcript: Robert Pape talks with Michael Morell on "Intelligence Matters"
To recruit in the U.S., ISIS steals Western ideas, says terrorism expert Robert Pape
1H ago
Government shutdown lays out "welcome mat" for hackers
Trained staffers at the nation’s most important cyber-defense agencies are not working due to the partial government shutdown.
updated 1M ago
Transcript: Robert Pape talks with Michael Morell on "Intelligence Matters"
To recruit in the U.S., ISIS steals Western ideas, says terrorism expert Robert Pape
1H ago
To recruit in the U.S., ISIS steals Western ideas, says terrorism expert Robert Pape
On the "Intelligence Matters" podcast this week, Pape, the director of the Chicago Project on Security and Threats (CPOST) at the University of Chicago, talks with CBS' Michael Morell
1H ago 
Why it would be hard to build a border wall
Even if it gets funded, regulations and a lack of accessibility would make building a wall along the southern border extremely difficult
1H ago 
Shutdown bringing "uncharted" uncertainty to Super Bowl planning
TSA worker sickouts, already lengthening airport lines, could make crush at Atlanta's airport even worse if gov't remains partially shut down on game day
2H ago 
Iran claims U.S. holding Iranian state TV news anchorwoman
FBI has not confirmed or denied that U.S.-born Marzieh Hashemi was detained as she arrived in St. Louis to visit family
updated 12M ago 
Why Theresa May's Brexit defeat matters to the U.S.
With just 72 days until the U.K. is scheduled to leave the EU, economic uncertainty caused by the landslide vote could ripple across the Atlantic
updated 25M ago 
U.S. businessman among those killed in Kenya terror attack
Friend says Jason Spindler was "one of those rare men who was loved by pretty much anyone" as Kenyan leader puts toll from al-Shabab attack at 14
1H ago 
Race to find boy stuck down deep hole in Spain
Officials say hair pulled from 330-foot hole bored in search of water proves 2-year-old boy is inside, but they can't reach him yet
updated 50M ago 
British lawmaker delayed giving birth to vote against Brexit
"My decision to delay my baby's birth is not one I take lightly …" British Member of Parliament Tulip Siddiq tweeted
6H ago 
New "Ghostbusters" movie slated for summer 2020
Latest installment in the Ghostbusters series begins production this summer — but there's no word yet on the cast
9H ago 
Rihanna sues father for allegedly misusing the Fenty name
They share the Fenty last name — but only Rihanna has the trademark
14H ago 
Watch the first trailer for "Spider-Man: Far from Home"
"Spider-Man: Far from Home" debuts in theaters July 5
14H ago 
Molly Ringwald talks "real" moments of new movie
Actress was a teen Hollywood icon in the '80s, starring in classic movies including "The Breakfast Club," "Pretty in Pink," and "Sixteen Candles"
17H ago 
Kim Kardashian reveals gender of baby No. 4
Kardashian revealed the news to Andy Cohen, who is also expecting a baby boy with a surrogate
17H ago
Government shutdown lays out "welcome mat" for hackers
Trained staffers at the nation’s most important cyber-defense agencies are not working due to the partial government shutdown.
updated 1M ago 
Antarctica's ice is melting faster, raising risk of sea level rise
The yearly loss of Antarctic ice mass has increased six-fold since 1979, scientists report
20H ago 
Netflix hikes prices on all subscription plans
On the heels of a blowout success with "Bird Box," the streaming service is raising monthly prices by $1 or $2
20H ago 
Iran admits failed launch of satellite U.S. worries about
Tehran plans to put at least two into orbit that Washington says use tech that could be used to deliver nuclear weapons
Jan 15 
"Marty" the robot ready to roll at some grocery stores
Fully autonomous robotic assistants will cruise the aisles looking for potential safety hazards
Jan 14 
Experimental patch could offer once-a-month contraception
Microneedle patch would be placed on the skin for a few seconds each month and would slowly release contraceptive drugs over time
17H ago 
Fraud allegations at facility where vegetative patient gave birth
A former top prosecutor in Phoenix will investigate what happened at the long-term care center where a vegetative patient gave birth
14H ago 
Baby gets hearing aids, can't stop giggling
The baby's infectious laughter has melted hearts across the country
15H ago 
Poor sleep may take a toll on your heart
New research finds not getting enough good sleep could affect your risk of heart disease
Jan 14 
Americans more likely to die from opioids than a car crash
A new report from the National Safety Council sheds light on the most common causes of accidental death in the U.S.
21H ago 
Uncertainty on Wall Street is at a record high
A key measure of global economic uncertainty hit its highest level ever this month amid all kinds of worrisome news
updated 26M ago
NY eateries cut staff hours as minimum wage hits $15
Many owners also report eliminating positions and raising prices, but others find different ways to offset higher pay
updated 22M ago 
Shutdown squeezing nation's craft beer makers
Agency that regulates alcohol production and distribution is closed, so permits being held up for new brews, new breweries and interstate shipments
2H ago 
Most Americans couldn't cover a $1,000 expense
Dearth of savings leaves many people unable to cope with even ordinary financial emergencies
7H ago 
Why have a Big Mac when you can have a Supermac?
Victory for Irish fast-food chain means McDonald's no longer has trademark on "Big Mac" in Europe
12H ago 
1 dead, 2 injured in hammer attack at NYC restaurant
Two men, a 61-year-old and 50-year-old, are said to be in serious condition; police said a third victim has died from his injuries
8H ago 
Man who shot rookie officer was barred from owning guns
Natalie Corona, 22, had only been patrolling by herself for two weeks when she was fatally shot in Davis, California
10H ago 
Jayme Closs kidnapping suspect allegedly tried to take her 2 other times
New details are emerging about suspect Jake Patterson and his plan to allegedly kidnap 13-year-old Jayme Closs
12H ago 
Former World Series MVP charged with child sex abuse
Former major league pitcher John Wetteland has been arrested in Texas and charged with abusing a child under 14
14H ago
Fraud allegations at facility where vegetative patient gave birth
A former top prosecutor in Phoenix will investigate what happened at the long-term care center where a vegetative patient gave birth
14H ago
