What the government shutdown of 2019 meant for our collective cybersecurity


After five weeks, the partial U.S. government shutdown of 2019 just came to a close. In its wake comes a pinch of American labor and a delay in federal employees receiving their salaries. Additionally, transportation security and other vital federal services exhibited the strain of the prolonged impasse in Washington, D.C. During this time, cyber readiness emerged as a hot conversation topic for fear of a potentially devastating cyber attack.

During the shutdown we were fortunate that the Department of Homeland Security's new cyber agency, CISA, continued to operate with 57% of workers on the job. That's good news given the critical role cyber defense has claimed in national security, energy, and transportation, but it's far from good enough. With this gap in our nation's security infrastructure, what damage did the shutdown create? What have we learned in order to better prepare our cybersecurity for future political upheaval?  Let's look back on the last five weeks (...and even prior to that) to see how we can repair and better protect the cyber wall.

How Did We Get Here?

Ten years ago, few people serving in state or federal government offices were even thinking about cyber. The dawn of the data age, however, revealed just how important digital confidentiality, integrity, and availability are. Losing carefully developed cyber resources now is equivalent to sending the police back home during a riot in the streets -- or leaving the country's borders open and unprotected.

Knowing the government is looking to come to a compromise in three weeks we must consider: If the price of a border wall is abandoning our nation's cyber defenses, then forget the wall. 

A decade ago, who would have thought such a tradeoff would stand so starkly? Privacy for American citizens is widely considered to be a fundamental right. Government breaches in states like Texas in 2011 and South Carolina in 2012 raised questions about data privacy and the importance of cyber defense. Eventually, massive data compromises like the ones at the Office of Personnel Management and the voter database in 2015 demonstrated that the world view of security had fundamentally shifted. New cyber defense regulations hit federal agencies, and government officials renewed their interest in critical electronic infrastructure. During the Obama administration, for example, new guidance from National Institute of Standards and Technology (NIST) emerged for everything from hardware roots of trust in mobile phones to refreshing risk framework and emphasis on critical infrastructure. 

Bottom line? The federal government, which annoyingly calls everything security-related by the "cybersecurity" moniker, now gets it. The government understands that cyber matters, and it realizes how important digital confidentiality, integrity, and availability are. Cybersecurity is now no less critical to national defense and domestic peace than a standing military and a well-equipped police force. It’s a great irony, therefore, that cyber personnel around the government might not get paid or be able to get their jobs done. These are already the people who are hard to attract, train, and retain in a world of high-paying private sector jobs.

After five weeks of government closure, we add further insult to that injury. The vital work of these professionals was essentially being disregarded.

Having Said That -- Does the U.S. Even Need a "cyber Wall"?

Absolutely! There is a wall in security that still matters. It’s not the outmoded “perimeter thinking” of previous decades, and it's not the kind of wall produced by the product-centric thinking that equates physical walls with security. Instead, the wall that matters is the thin, blue (team) cyber wall of analysts and other personnel who keep our networks, data centers, and computers safe. In the digital world, the absence of that cyber wall could mean immediate theft, disruption of critical services, and attacks from millions of America's adversaries. But this human cyber wall is now, ironically, threatened while political leaders pursue a literal wall on a physical boundary.

Who knew that the price of a wall on the US Mexican border derived from pre-21st century notions of physical security would come at the price of taking people off the real cyber wall that stands between the United States and those who would attack our nation with impunity and virtual anonymity?

If we’re to avoid opportunistic potshots, political hacktivism, and digital adventurism by foreign powers, the men and women who protect our basic critical infrastructure online in the federal government should be singled out and honored for their contributions they made during the government shutdown. 

Sam Curry
About the Author

Sam Curry

Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.

All Posts by Sam Curry