A report by SecurityScorecard assessed 128 federal agencies in three categories related to their overall cyber posture during the 35-day government shutdown: network security, patching cadence, and endpoint security. While network security scores dipped slightly during the shutdown, agencies improved their grades in the other two categories, apparently due to general inactivity within their departments.
The researchers attributed the drop in network security to a spike in expired SSL certificates. Feds must consistently renew the protocols, which enable web browsers to securely connect to the internet, but they were unable to do so when agencies were shuttered.
Though agencies let a handful online security protocols lapse during the shutdown, many cybersecurity workers continued to work without pay while agencies were closed, and researchers speculate they took advantage of the decreased internal traffic to catch up on overdue patching.
Likewise, agencies significantly improved endpoint security during the shutdown, largely because there were so few endpoints in use as furloughed employees were forced to stay offline.