Government shutdown lays out "welcome mat" for hackers, security experts warn

By Dan Patterson

/ CBS News

Cybersecurity experts are worried that the United States is at greater risk of cyberattack due to the federal government shutdown.

Maintaining the nation's robust cyber-defense infrastructure—including hardware and software systems—relies on thousands of now-furloughed employees. With fewer trained professionals monitoring U.S. digital systems, the country is at greater risk of attack, data theft, and falling behind in the cyber arms race, experts say.

"We have laid out the welcome mat to any and all nefarious actors," said Mike O'Malley, VP of strategy at cloud defense firm Radware. "Unfortunately, we know all too well from experience that hackers, especially nation-state sponsored, have a high level of patience and are willing to lie in wait for the most opportune moment to strike."

A large percentage of workers at two of the nation's most important cyber-defense agencies are not working due to the partial government shutdown. According to the MIT Technology Review, approximately 45 percent of employees at the Cybersecurity and Infrastructure Protection Agency, a part of the Department of Homeland Security, and 85 percent of staffers at the National Institute of Standards and Technology, the department in charge of maintaining cybersecurity standards, are on furlough.

And a government shutdown, he said, is the perfect moment to strike. With our defenses down attackers will try to quietly exfiltrate data or plant malware that snoops on U.S. computer systems.

"Any department that has sensitive information that can be used in espionage or fraud would be hit hardest by an attack," O'Malley said, "such as the Department of Homeland Security, State Department, and all of the intelligence services. The risk is not only for short-term data theft but also injection of longer-term persistent attacks."

Short staffing also leaves the IRS exposed to hostile and covert cyber activity, said Bryson Bort, CEO of cyberdefense firm SCYTHE and a fellow at the National Security Institute. Cyber vulnerabilities at the IRS could prevent millions of Americans from receiving their tax refunds on time.

"Monitoring is probably not happening at 100 percent of usual operations, which means that there is an increased chance that malicious activity may not be spotted," said Bort, noting "the timing of the shutdown right as we move into tax season."

Bort is primarily concerned with two interconnected types of threat actors: for-profit hackers and organized nation-state groups. For-profit hackers will either want to sell data back to nation-states, or are looking for personal identity records to use in fraud and identity theft. Nation-state actors may include "China, Iran, Russia, and North Korea," said Bort. "But I don't think they will 'attack.' I do think this is a good opportunity to step up iterative campaigns to compromise, gather intelligence, and place something quiet for the future."

Eurasia Group predicts high risk of worldwide cyber conflict in 2019

A cyberattack or data breach targeting government agencies during the shutdown could also cost taxpayers millions of dollars. In its annual data breach analysis report, IBM estimated the average total cost per breach to businesses was about $3.86 million in 2018, up 6.4 percent from the previous year. The cost to the government could be significantly higher because without proper monitoring during the shutdown, digital holes could persist for weeks or longer.

The shutdown will also impact agencies' ability to upgrade existing systems, repair hardware, and build new cyber defense capabilities, said Dave Mihelcic, chief technology and strategy officer for Juniper Networks and the former chief technology officer of the Pentagon's Defense Information Systems Agency.

"Many projects were likely already on hold due to the continuing resolution affecting numerous agencies," said Mihelcic. "With the shutdown, even previously funded efforts have been slowed. For example, the upgrading of desktop operating systems to the most recent and secure versions. The shutdown could have lasting impacts in the cyber-readiness longer term."

Ray DeMeo, co-founder and COO of cyber-defense firm Virsec, is concerned that the government shutdown could have negative long-term consequences on government staffing and recruiting for important cybersecurity jobs in the future. These jobs, DeMeo says, keep Americans safe.

"Even at full capacity, resources are at a bare minimum for the mountain of work at hand just to get the government's IT infrastructure up to minimum levels of resiliency, all while working against the nonstop firehose of hour-by-hour attacker assaults," DeMeo said. "Attempting to parse critical and non-critical cyber personnel is not possible. It's quite literally dismissing the people who are building your fort while you are in the middle of fighting a war."

First published on January 16, 2019

© 2019 CBS Interactive Inc. All Rights Reserved.

Dan Patterson

Dan Patterson is a senior producer for CNET and CBS News. He covers the tech trends that shape business, politics, and culture.

Government shutdown lays out "welcome mat" for hackers

Trained staffers at the nation’s most important cyber-defense agencies are not working due to the partial government shutdown.

updated 1M ago

Iran claims U.S. holding Iranian state TV news anchorwoman

FBI has not confirmed or denied that U.S.-born Marzieh Hashemi was detained as she arrived in St. Louis to visit family

updated 12M ago

Uncertainty on Wall Street is at a record high

A key measure of global economic uncertainty hit its highest level ever this month amid all kinds of worrisome news

updated 26M ago

NY eateries cut staff hours as minimum wage hits $15

Many owners also report eliminating positions and raising prices, but others find different ways to offset higher pay

updated 22M ago

Transcript: Robert Pape talks with Michael Morell on "Intelligence Matters"

To recruit in the U.S., ISIS steals Western ideas, says terrorism expert Robert Pape

1H ago

Government shutdown lays out "welcome mat" for hackers

Trained staffers at the nation’s most important cyber-defense agencies are not working due to the partial government shutdown.

updated 1M ago

Transcript: Robert Pape talks with Michael Morell on "Intelligence Matters"

To recruit in the U.S., ISIS steals Western ideas, says terrorism expert Robert Pape

1H ago

To recruit in the U.S., ISIS steals Western ideas, says terrorism expert Robert Pape

On the "Intelligence Matters" podcast this week, Pape, the director of the Chicago Project on Security and Threats (CPOST) at the University of Chicago, talks with CBS' Michael Morell

1H ago

Why it would be hard to build a border wall

Even if it gets funded, regulations and a lack of accessibility would make building a wall along the southern border extremely difficult

1H ago

Shutdown bringing "uncharted" uncertainty to Super Bowl planning

TSA worker sickouts, already lengthening airport lines, could make crush at Atlanta's airport even worse if gov't remains partially shut down on game day

2H ago

Iran claims U.S. holding Iranian state TV news anchorwoman

FBI has not confirmed or denied that U.S.-born Marzieh Hashemi was detained as she arrived in St. Louis to visit family

updated 12M ago

Why Theresa May's Brexit defeat matters to the U.S.

With just 72 days until the U.K. is scheduled to leave the EU, economic uncertainty caused by the landslide vote could ripple across the Atlantic

updated 25M ago

U.S. businessman among those killed in Kenya terror attack

Friend says Jason Spindler was "one of those rare men who was loved by pretty much anyone" as Kenyan leader puts toll from al-Shabab attack at 14

1H ago

Race to find boy stuck down deep hole in Spain

Officials say hair pulled from 330-foot hole bored in search of water proves 2-year-old boy is inside, but they can't reach him yet

updated 50M ago

British lawmaker delayed giving birth to vote against Brexit

"My decision to delay my baby's birth is not one I take lightly …" British Member of Parliament Tulip Siddiq tweeted

6H ago

New "Ghostbusters" movie slated for summer 2020

Latest installment in the Ghostbusters series begins production this summer — but there's no word yet on the cast

9H ago

Rihanna sues father for allegedly misusing the Fenty name

They share the Fenty last name — but only Rihanna has the trademark

14H ago

Watch the first trailer for "Spider-Man: Far from Home"

"Spider-Man: Far from Home" debuts in theaters July 5

14H ago

Molly Ringwald talks "real" moments of new movie

Actress was a teen Hollywood icon in the '80s, starring in classic movies including "The Breakfast Club," "Pretty in Pink," and "Sixteen Candles"

17H ago

Kim Kardashian reveals gender of baby No. 4

Kardashian revealed the news to Andy Cohen, who is also expecting a baby boy with a surrogate

17H ago

Government shutdown lays out "welcome mat" for hackers

Trained staffers at the nation’s most important cyber-defense agencies are not working due to the partial government shutdown.

updated 1M ago

Antarctica's ice is melting faster, raising risk of sea level rise

The yearly loss of Antarctic ice mass has increased six-fold since 1979, scientists report

20H ago

Netflix hikes prices on all subscription plans

On the heels of a blowout success with "Bird Box," the streaming service is raising monthly prices by $1 or $2

20H ago

Iran admits failed launch of satellite U.S. worries about

Tehran plans to put at least two into orbit that Washington says use tech that could be used to deliver nuclear weapons

Jan 15

"Marty" the robot ready to roll at some grocery stores

Fully autonomous robotic assistants will cruise the aisles looking for potential safety hazards

Jan 14

Experimental patch could offer once-a-month contraception

Microneedle patch would be placed on the skin for a few seconds each month and would slowly release contraceptive drugs over time

17H ago

Fraud allegations at facility where vegetative patient gave birth

A former top prosecutor in Phoenix will investigate what happened at the long-term care center where a vegetative patient gave birth

14H ago

Baby gets hearing aids, can't stop giggling

The baby's infectious laughter has melted hearts across the country

15H ago

Poor sleep may take a toll on your heart

New research finds not getting enough good sleep could affect your risk of heart disease

Jan 14

Americans more likely to die from opioids than a car crash

A new report from the National Safety Council sheds light on the most common causes of accidental death in the U.S.

21H ago

Uncertainty on Wall Street is at a record high

A key measure of global economic uncertainty hit its highest level ever this month amid all kinds of worrisome news

updated 26M ago

NY eateries cut staff hours as minimum wage hits $15

Many owners also report eliminating positions and raising prices, but others find different ways to offset higher pay

updated 22M ago

Shutdown squeezing nation's craft beer makers

Agency that regulates alcohol production and distribution is closed, so permits being held up for new brews, new breweries and interstate shipments

2H ago

Most Americans couldn't cover a $1,000 expense

Dearth of savings leaves many people unable to cope with even ordinary financial emergencies

7H ago

Why have a Big Mac when you can have a Supermac?

Victory for Irish fast-food chain means McDonald's no longer has trademark on "Big Mac" in Europe

12H ago

1 dead, 2 injured in hammer attack at NYC restaurant

Two men, a 61-year-old and 50-year-old, are said to be in serious condition; police said a third victim has died from his injuries

8H ago

Man who shot rookie officer was barred from owning guns

Natalie Corona, 22, had only been patrolling by herself for two weeks when she was fatally shot in Davis, California

10H ago

Jayme Closs kidnapping suspect allegedly tried to take her 2 other times

New details are emerging about suspect Jake Patterson and his plan to allegedly kidnap 13-year-old Jayme Closs

12H ago

Former World Series MVP charged with child sex abuse

Former major league pitcher John Wetteland has been arrested in Texas and charged with abusing a child under 14

14H ago

Fraud allegations at facility where vegetative patient gave birth

A former top prosecutor in Phoenix will investigate what happened at the long-term care center where a vegetative patient gave birth

14H ago