During the brief federal shutdown, agencies got a look at what has changed since it last happened in 2013, and a preview of what to expect if it happens again; the current funding resolution expires on Thursday, February 8.
Cybersecurity is more prominent, as reflected by the OMB’s memo providing guidance to agencies, saying they “should maintain appropriate cybersecurity functions across all agency information technology systems, including patch management and security operations center (SOC) and incident response capabilities.”
But this doesn’t mean full staffing of those functions. The National Protection and Programs Directorate, which helps manage both the Continuous Diagnostics & Mitigation and Automated Indicator Sharing programs, is supposed to furlough 45 percent of its total workforce and up to 80 percent of its cyber workforce in the event of a shutdown.
Former federal CIO Tony Scott expresses concern that the interconnectedness of systems could lead to problems when only some are shut down. The OMB guidance warns of such scenarios without offering a solution.
Former federal CISO Greg Touhill worries that too many cyber workers were furloughed previously, and wonders what the government would do if a major cyber attack or vulnerability were to happen during a shutdown.