The Department of Homeland Security (DHS) – the Cybersecurity and Infrastructure Security Agency’s (CISA) parent agency – said yesterday that only 571 of CISA’s 3,117 employees would continue to work through a government shutdown – meaning that 79 percent of the agency’s staff would be staying home until government funding is restored.
Bryan Ware, formerly assistant director of the Cybersecurity Division within CISA and now chief development officer at ZeroFox, expressed dismay today about the impact of government shutdown-driven staff furloughs set to take effect at CISA next week if Congress fails to fund Federal government operations past Sept. 30.
“I can’t imagine any company, no matter how well run or efficient they are, doing what they do with 20 percent of their staff,” Ware said.
“Sometimes we think that the government is maybe inefficient or slow, but realistically with only 20 percent there, the impacts will be large,” he said, and convert CISA’s capabilities into something more akin to a “firefighting mission.”
“The only things that they will be able to do are the most urgent things, and those are likely to be reactive,” Ware said. He added, that’s “not the posture that we want to have for a cybersecurity defense organization.”
Rep. Gerry Connolly, D-Va., expressed similar concerns about CISA’s operations today during a House Oversight and Accountability Cybersecurity, IT and Government Innovation Subcommittee hearing on ransomware.
“Without funding, our crucial Federal cyber defenses will be reduced to a skeleton crew, yet still hold responsibilities to respond to attacks on our networks and critical infrastructure,” the congressman warned. “We cannot allow this to happen when we already know of the innumerable malware attacks constantly threatening our economy, schools, public health institutions, critical infrastructure, and national security.”
Similarly, cybersecurity experts across the private sector expressed concerns last week that a Federal government shutdown would have major negative impacts on CISA’s ability to defend Federal networks and keep its critical cyber programs running.
“This shutdown will obviously cause delays, and some cyber projects will come to a halt,” the president of cybersecurity firm Armis, Brian Gumbel, told House lawmakers on Sept. 19. “The longer we delay, the longer the adversaries will have the chance to get in front of us. So, delays are just terrible for this nation, and it’s going to cause some major impact.”
With the government on the brink of a shutdown as Congress remains at an impasse on funding beyond this weekend, the Office of Management and Budget formally initiated the process of preparing for a potential shutdown on Friday, Sept. 22.
Government services would be disrupted and hundreds of thousands of Federal workers furloughed without pay if Congress fails to provide funding for the fiscal year starting Oct. 1. Workers deemed “essential” would remain on the job, but without pay.
However, they will receive back pay once funding is restored to their agency. In prior shutdowns, Congress had to approve back pay for employees, but a 2019 law made it mandatory. Contractors, however, are not guaranteed back pay.
