As this blog is being written, the U.S. has reinstated all government services that were impacted by a shutdown that lasted about four weeks. Another shutdown is looming, if Congress and the President cannot get together on new border security legislation.

In these situations news coverage typically focuses on which agencies are closed and the financial struggles of furloughed workers. However, there is another concern that is equally significant – the increased threat of a security breach.

During the January shutdown, the federal government’s Cybersecurity and Infrastructure Security Agency did not have the services of 1,500 of its 3,500 employees. It’s impossible to quantify the exact impact of that shortfall, but it is certainly possible that software security patches were not always updated as needed. And once the shutdown ended, there was likely a backlog of tasks that will also be delayed.

We already know from daily headlines that Russia (and probably China and Iran) is trying to infiltrate government websites. What better time to go after classified information than when our defenses are down? And the longer the shutdown, the bigger the risk.

Another online issue relates to the suspension of some online activities.

For instance, the manufacturing.gov site was unavailable during the shutdown. That may seem like more of an inconvenience than a security threat. But it’s also an invitation for malicious IT experts to set up a fake manufacturing.gov site and mine the personal information of unsuspecting visitors. If someone visits the fake site and enters a password, the hacker will gain access to their personal information.

Official government sites all have security certificates, of course. But if they expire because of a shutdown or through sheer negligence, it presents an opportunity for cyber-criminals just waiting to be exploited.

Assessing the extent of the risk during a shutdown is complicated, as the Department of Homeland Security’s Cyber Division will not publicly comment on their status or about which IT workers are at their posts.

While it’s important that everyone be vigilant online, some extra care to stay safe is recommended in these situations.

Ransomware is another ongoing threat, especially at government and public sector websites. 360Civic is proud to announce the publication of Ransomware and Municipal Websites: A Prevention and Protection Strategy, a white paper that explains what ransomware is, how it works, and why it so frequently targets websites connected to state and local government.

The document is available for free on our website.

Ron Zayas

CEO

Ron Zayas is an online privacy expert and CEO of Ironwall by Incogni. A sought-after speaker and author, Ron has helped courts, law enforcement, and other public service organizations across the count... Read more

Ready to Protect Your Organization?

Request a Quote