CISA furloughs will cut deep if government shuts down

A government shutdown will have severe ramifications on the nation’s ability to combat malicious cyber threats from criminal gangs and state-linked threat groups, federal officials and leading cybersecurity analysts warn.

The Cybersecurity and Infrastructure Security Agency would be “degraded” in its ability to provide timely and actionable information to help partner organizations defend their computer networks, the Department of Homeland Security said in a fact sheet released Thursday.

CISA would have to furlough about 80% of its staff, with only 571 of the agency’s 3,117 workers remaining on duty during the shutdown. The federal government will shut down at 12:01 a.m. Sunday unless Congress reaches a deal on a funding agreement.

The shutdown comes at a critical time for CISA and other federal agencies, as the U.S. has begun to roll out key implementation steps under the national cybersecurity strategy.

The U.S. has faced a wave of threat activity in recent months, including the state-linked attack on Microsoft Exchange that led to the theft of thousands of emails from the U.S. State Department; a pair of suspected ransomware attacks against major casino operators in Las Vegas and an unfolding attack against Johnson Controls International.

“This means that the primary agency responsible for cyber and critical infrastructure threats will operate with a significantly reduced staff, which could impact its ability to respond to potential cyberattacks on federal agencies and critical infrastructure,” said Jeffrey Wells, a partner at Sigma7.

A government shutdown would force CISA to suspend physical and cybersecurity assessments for government agencies and private sector organizations, according to DHS. Under-resourced critical infrastructure providers, such as water companies, healthcare providers and K-12 schools would potentially face a higher risk of ransomware, officials warned.

“When you’re working with only 20% of your staff, you just don’t have the numbers to do anything but put out fires,” Bryan Ware, chief development officer at ZeroFox, said via email. “Too much goes on on a daily basis.”

CISA has provided critical help to numerous private sector organizations. The agency helped MGM Resorts respond to the cyberattack that degraded their vast hotel and casino operations earlier this month.

Earlier this year, CISA launched a pilot program to warn agencies of ransomware risk due to software vulnerabilities. The agency also launched a partnership to provide wide access to security logs in the wake of the Microsoft Exchange attacks.

The impact of a furlough will reach even beyond CISA. Lisa Monaco, deputy attorney general at the Department of Justice, warned a furlough would impact the agency’s ability to do its job related to cybersecurity threats.

“The cascading effects of something like this is, really, I think, quite dangerous and quite irresponsible," Monaco said Tuesday at a Washington Post Live event. “And we need to be able to … give our employees some certainty that they can come to work and do their job.”