Dive Brief:
- About 45% of the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency's workforce are furloughed, or given a leave of absence with an undetermined end, as a result the government shutdown, according to a Duo report.
- An additional 45% of employees at DHS's analysis and operations team is also furloughed while the National Institute of Standards and Technology (NIST) has seen 85% of its workers furloughed.
- A NIST computer scientist and IT specialist are staying on board to manage the National Vulnerability Database while 16 employees handle time servers, according to the report. Another IT specialist is responsible for the National Cybersecurity Center of Excellent.
Dive Insight:
The government shutdown, which began at midnight on Dec. 22, is now nearing 20 days. About 800,000 federal employees are feeling the impact of the shutdown, with no pay and no indication of a resolution in sight.
Federal jobs deemed "essential" continue their work despite the shutdown, but the categorization has its limitations.
For example, the Department of Justice and Treasury Department acknowledged the criticality of computer security incident response and emergency operations personnel, according to Duo. However, during the shutdown, cybersecurity is unintentionally taking a backseat.
The federal government already has security retention concerns because top talent is more inclined to work for the private sector and bigger paychecks. Part of the issue is a narrow acceptance of skills. Cybersecurity talent is contingent upon much more than tech talent as agencies need workers equipped for policy interpretation and explaining technology to the nontechnical.
Compliance with a laundry list of regulations is not the top issue for some federal CISOs; instead they focus on what their risk is and what actions should come next. The enterprise needs to be aware of the stagnant state of federal cybersecurity personnel right now because critical protective forces hang in the balance.
The private sector depends on the public sector's involvement in security just as much as the government relies on tips submitted by the private sector. Federal security experts know a cyberattack isn't always immediately felt. Instead, it can be a slow bleed of accessing or stealing data.