As the government shutdown was lifted, perhaps temporarily, cybersecurity workers found themselves back at work with a heap of obstructions and no clear place to start.
Christopher Kennedy, chief information security officer at AttackIQ, addressed the tension in the office and gave a detailed account of the current dilemmas these workers are rigorously facing. “As an incident responder, you just found activity that took place three weeks ago, and now you have to quarantine and clean up and fix it when three weeks of damage has already been done. The work is harder and more chaotic and maybe your toolset doesn’t work because a license is expired plus maybe people’s security clearances have expired. All of those things are adding together.”
Wired broke down the less than stellar security stance of the government prior to the shut down, admitting, “In a May report, the White House’s Office of Management and Budget found that 74 percent of federal agencies are in urgent need of digital defense improvements.” They continued to reveal that, “only about 25 percent of agencies confirmed to OMB that they are prepared to identify and thoroughly assess signs of data breaches.”
The expiration of various website encryptions left many domains at risk, warning users that the page they were utilizing may be unsafe. It will be a long road to recovery, leaving many dreading the potential threat of yet another government shutdown.