From: Wall Street Journal
By Joel Schectman
Steven VanRoekel, chief information officer for the federal government, says he fears that hackers could seize on security vulnerabilities created by the shutdown to infiltrate U.S. systems.
The furloughs resulting from the budget showdown have reduced the number of cybersecurity staff across federal agencies, creating an opportunities for hackers to strike, Mr VanRoekel told CIO Journal. “I worry about cybersecurity in the midst of a shutdown,” Mr. VanRoekel said. “If I was a wrongdoer looking for an opportunity, I’d contemplate poking at infrastructure when there are fewer people looking at it,” Mr. VanRoekel said in a telephone interview Wednesday night as President Barack Obama prepared to meet with congressional leaders to negotiate over the budget standoff.
While the partial shutdown exempts workers critical to national security, in practice Mr. VanRoekel said cybersecurity for most federal sites was being run on a “skeleton crew.” Prior to the shutdown, Mr. VanRoekel advised U.S. agencies to exempt cybersecurity staff that monitor computer networks for attacks. But most staff that specialize in responding to cyberattacks have nevertheless been furloughed, Mr. VanRoekel said. In the event of an attack, those responders could still be called in, Mr. VanRoekel said. But the loss of real-time response “is a little bit worrisome for me,” he said. “I have fewer eyes out there.”
The Department of Homeland Security has maintained some staff capable of responding to cyberattackers, Mr. VanRoekel added. “But generally for agencies that are not DHS, they would have to have skeleton crews and call people in” in the event of an attack, he said.
Mr. VanRoekel said he was unable to assess what percentage of the government’s cybersecurity staff, or IT workers overall, are currently furloughed. The decision of who to exempt from shutdown is being made on an agency-by-agency basis. Mr. VanRoekel says the shutdown has left him unable to gather that information. “The people I would have do that assessment are currently not working,” Mr. VanRoekel said. “Doing that assessment is not an exempted activity.”
Leave a Reply