One major problem: The federal government’s list of critical-need computer security employees has not been updated in over 15 years.
According to the influential Nextgov website, the government’s emergency call-up IT security list was last updated in 1995, ahead of the last federal government shutdown.
“In 1995, we already had that decided,” said Hord Tipton, a former Interior Department chief information officer who was Bureau of Land Management assistant director for resource use and protection during the shutdown that lasted from Dec. 16, 1995, to Jan. 6, 1996. “If they haven’t done it, there’s going to be a mad scramble, and there’s going to be a hole in the system.”
In the 1990s at Interior, the vital systems included those that monitored volcano and earthquake activity.
“You’ve got a week to do this,” said Tipton, now executive director of the International Information Systems Security Certification Consortium, an association that certifies cybersecurity specialists. “If you haven’t, you’d better get cracking. In this day and age, I would be surprised if they haven’t.”
While government agencies are indeed scrambling to put together lists of emergency security employees to fight potential hacker attacks from China and elsewhere, there’s one problem. The federal government works at the speed of bureaucracy.
Implementing lists of last-minute essential personnel to stay on staff during a shutdown requires considerable office jujitsu and cross-agency coordination. With only five working days remaining before the potential shutdown, there is a strong likelihood of a lapse in the federal government’s network security infrastructure.
All federal agencies are required to have emergency plans with lists of critical-need personnel. However, these emergency plans often lie unchanged for years and are written by individuals with little knowledge of security or IT needs.
Meanwhile, furloughed federal employees with time on their hands have another problem. If the government shuts down, all office BlackBerrys could shut down too. A little-known piece of legislation called the Antideficiency Act prohibits federal agencies from accepting voluntary work to be done during government shutdowns. The law’s vague wording empowers individual agencies to block access to BlackBerrys or to sanction users who access them in a shutdown.
The government shutdown will result in a host of inconveniences, including the loss of veterans’ health care and support services and the shuttering of non-emergency consular services abroad.