Cybersecurity Concerns Rise Amid Revised Shutdown Plan
The Cybersecurity and Infrastructure Security Agency (CISA) would have about a third of its staff continue working through a government shutdown, nearly double the number of employees compared to previous plans. This revised shutdown plan, updated on Sept. 25 by the Department of Homeland Security (DHS), shows CISA would retain 1,159 "excepted" employees in the event of a government shutdown.
As of July, CISA had 3,401 on-board staff. In prior plans published in 2023, DHS had forecast that only about 577 CISA employees would continue working through a shutdown, with the remaining 80% being furloughed. This sparked concerns about the impact on U.S. cyber defenses.
Cybersecurity Concerns
Cyber experts remain concerned about how cybersecurity would be impacted during a shutdown. "U.S. cybersecurity defenses would be critically weakened during a government shutdown," Ilona Cohen, chief legal and policy officer at HackerOne, said in an email. This is due to limited staffing, including fewer cybersecurity personnel, which would affect resources and expertise available to critical infrastructure sectors.
Cohen also highlighted that the government's ability to address reported vulnerabilities, information sharing between government and the private sector, and investigations into large-scale cyber incidents would be hindered. Given the scale and urgency of cybersecurity threats, it is critical to avert the very real and potentially severe risks to national security and public safety.
Impact on U.S. Cyber Defenses
The revised shutdown plan comes as CISA helps lead the response to the China-linked Salt Typhoon hacks. CISA and the FBI continue to investigate the intrusions into U.S. telecommunications infrastructure. Homeland Security Alejandro Mayorkas said earlier this week that the hack is "still going on," despite being uncovered months ago.
While less CISA staff will be furloughed compared to prior plans, cyber experts remain concerned about how cybersecurity would be impacted during a shutdown. The risk of delayed responses and inadequate support for critical infrastructure sectors increases with each passing day.
DHS Shutdown Plans
Beyond CISA, DHS' overall shutdown plans remain largely unchanged from prior years. Most DHS employees, including airport screeners, Border Patrol agents, and disaster response staff, continue to work through a government shutdown without pay.
Components like U.S. Citizenship and Immigration Services are funded through fees and therefore are largely unaffected when Congress fails to fund the government. Out of DHS' 264,209 employees, only 29,985 would be furloughed during a shutdown, according to DHS' latest plan.
Transportation Security Administration
At the Transportation Security Administration (TSA), for example, 59,000 out of its 62,000 employees are considered "essential" and will continue working without pay during a shutdown. The TSA spokeswoman told Federal News Network that they expect to screen 40 million people over the holidays and through Jan. 2.
"While our personnel have prepared to handle high volumes of travelers and ensure the security of our transportation systems, an extended shutdown could mean longer wait times at airports," the TSA spokeswoman said. This highlights the potential risks and consequences of a government shutdown on critical infrastructure sectors.
Conclusion
The revised shutdown plan raises concerns about the impact on U.S. cyber defenses during a government shutdown. While CISA has retained more staff compared to previous plans, cybersecurity experts remain concerned about the potential risks and consequences of inadequate support for critical infrastructure sectors.
As the nation faces various cybersecurity threats, it is essential to prioritize national security and public safety. The risks associated with a government shutdown on U.S. cyber defenses cannot be overstated, emphasizing the need for continued funding and support for CISA and other vital agencies.