Skip to main content
close search
site logo

CISA furloughs will cut deep if government shuts down

The agency will have to operate with a skeleton staff, which will reduce assessments and other programs for underserved critical infrastructure sectors and private industry partners.

Published Sept. 29, 2023
David Jones's headshot
Reporter
An angular view of the U.S. Capitol building against a clear blue sky.
Permission granted by Dan Zukowski

A government shutdown will have severe ramifications on the nation’s ability to combat malicious cyber threats from criminal gangs and state-linked threat groups, federal officials and leading cybersecurity analysts warn. 

The Cybersecurity and Infrastructure Security Agency would be “degraded” in its ability to provide timely and actionable information to help partner organizations defend their computer networks, the Department of Homeland Security said in a fact sheet released Thursday. 

CISA would have to furlough about 80% of its staff, with only 571 of the agency’s 3,117 workers remaining on duty during the shutdown. The federal government will shut down at 12:01 a.m. Sunday unless Congress reaches a deal on a funding agreement. 

The shutdown comes at a critical time for CISA and other federal agencies, as the U.S. has begun to roll out key implementation steps under the national cybersecurity strategy. 

The U.S. has faced a wave of threat activity in recent months, including the state-linked attack on Microsoft Exchange that led to the theft of thousands of emails from the U.S. State Department; a pair of suspected ransomware attacks against major casino operators in Las Vegas and an unfolding attack against Johnson Controls International

“This means that the primary agency responsible for cyber and critical infrastructure threats will operate with a significantly reduced staff, which could impact its ability to respond to potential cyberattacks on federal agencies and critical infrastructure,” said Jeffrey Wells, a partner at Sigma7.

A government shutdown would force CISA to suspend physical and cybersecurity assessments for government agencies and private sector organizations, according to DHS. Under-resourced critical infrastructure providers, such as water companies, healthcare providers and K-12 schools would potentially face a higher risk of ransomware, officials warned. 

“When you’re working with only 20% of your staff, you just don’t have the numbers to do anything but put out fires,” Bryan Ware, chief development officer at ZeroFox, said via email. “Too much goes on on a daily basis.”

CISA has provided critical help to numerous private sector organizations. The agency helped MGM Resorts respond to the cyberattack that degraded their vast hotel and casino operations earlier this month. 

Earlier this year, CISA launched a pilot program to warn agencies of ransomware risk due to software vulnerabilities. The agency also launched a partnership to provide wide access to security logs in the wake of the Microsoft Exchange attacks. 

The impact of a furlough will reach even beyond CISA. Lisa Monaco, deputy attorney general at the Department of Justice, warned a furlough would impact the agency’s ability to do its job related to cybersecurity threats. 

“The cascading effects of something like this is, really, I think, quite dangerous and quite irresponsible," Monaco said Tuesday at a Washington Post Live event. “And we need to be able to …  give our employees some certainty that they can come to work and do their job.”

Filed Under: Policy & Regulation

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Policy & Regulation
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell