WASHINGTON -- As dozens of U.S. Departments and agencies remain closed for the fourth week in a row, experts are warning of the damaging impact the extended shutdown could have on the nation’s cybersecurity.
- Nearly half of DHS cybersecurity workers furloughed
- Experts worry lack of support leaves nation vulnerable
- Make sure websites have security certificates
“We’re absolutely concerned about security on a multitude of levels," said Rep. Daren Soto, D-Kissimmee.
As the shutdown continues indefinitely, nearly half of the employees in the Dept. of Homeland Security's cybersecurity division have been furloughed, as have the majority of the staff at the National Institute of Standards and Technology, which is responsible for setting standard security guidelines for federal agencies and the private sector.
“The longer the shutdown continues, there’s more of a risk of something bad happening within the networks, and the infrastructure and the team not being able to support it," said George Zoulias, the CEO and founder of Perfecta, a cybersecurity firm.
Zoulias said as a result of the partial government shutdown, agencies which have a key hand in the nation's cybersecurity are taking a hit.
“When people shut down their operation centers, or people shut down their backend IT support framework, or the administrative support to their IT staff, you’re losing the people that actually can respond to incidents," Zoulias explained.
That means security certificates for official government websites are not being renewed, potentially making users vulnerable.
Secure Sockets Layer certificates, also known as SSL or security certificates, encrypt the connection between a website and the computer you're using to browse it, so that any data you are transmitting is secure. If a site has an active security certificate, you'll notice a lock next to the address bar in your web browser. The URL for the site should also start with "HTTPS."
"If people happen to go online and they see the certificate is expired for a website that they are used to using for government access, then they shouldn’t use it," Zoulias advised. "I would suggest that they use the phone lines and try to call them.”
In the long term, experts worry the extended shutdown could also hurt the federal government’s ability to recruit cybersecurity talent, which already is a challenge when competing with companies like Google and Amazon.
“If there isn’t the security of having a paycheck, or if there is a likelihood of a long or protracted government shutdown then the value proposition shifts and the employees might look elsewhere to commercial companies, or academic or anywhere else," he said.