Cybersecurity experts across the private sector expressed concerns today that a Federal government shutdown would have major negative impacts on the Cybersecurity and Infrastructure Security Agency’s (CISA) ability to defend Federal networks and keep its critical cyber programs running.
During a House Homeland Security Cybersecurity and Infrastructure Protection Subcommittee hearing on CISA’s cybersecurity programs today, industry leaders weighed the effects of the possible government shutdown after Sept. 30 on the agency’s ability to safeguard against cyberthreats, noting that a shutdown would be “just terrible for this nation.”
“This shutdown will obviously cause delays, and some cyber projects will come to a halt,” the president of cybersecurity firm Armis, Brian Gumbel, said to lawmakers. “The longer we delay, the longer the adversaries will have the chance to get in front of us. So, delays are just terrible for this nation, and it’s going to cause some major impact.”
The subcommittee hearing today revolved around two of CISA’s Federal threat defense systems: the Continuous Diagnostics and Mitigation (CDM) program and the National Cybersecurity Protection Program (NCPS) – which includes EINSTEIN.
The 20-year-old EINSTEIN program is used by CISA to detect and block cyberattacks aimed at Federal civilian agencies. But CISA is looking to modernize “legacy capabilities” under its EINSTEIN program.
Gumbel said that in this regard, a government shutdown is a “big concern.” Even a continuing resolution (CR) – which keeps the lights on but only finances the government at a restricted level of its budget from the previous fiscal year – would stall CISA’s ability to move forward on these modernization projects.
“My view is that we need to obviously match what CISA is doing in order to progress some of the changes in the systems that we’re looking to put forth. So I think it’s a big concern,” Gumbel said.
Joe Head, the chief technology officer at cybersecurity company Intrusion, expressed similar concerns with a continuing resolution, noting that CISA faces falling behind in threat detection due to a lack of funding.
“The big programs under a CR continue in the previous funding levels, or 80 percent. The thing that just hits you the hardest is the new initiatives just stop completely and we need a lot of innovation in cyber,” Head said.
“You can’t start new effort under a CR but you can continue an old one. And this is all new – it’s new every day with a new breach, new zero-day, new attack,” he added.
Director of Public Policy and Strategy at CrowdStrike, Rob Sheldon, added, “You don’t get to have good cybersecurity outcomes if you don’t have continuity in your cybersecurity programs, and the absence of funding could disrupt that.”
Meanwhile, the American Federation of Government Employees National President Everett Kelley issued a statement today, saying that “a government shutdown would be a disaster for the American people and the federal employees who keep our government running. Shutdowns hurt local communities across the country, deny Americans access to government services, and do significant damage to the overall economy.”
“During the last partial government shutdown, 800,000 federal employees went five weeks without a paycheck, with half forced to work without pay and another half locked out of their jobs. The U.S. economy also took an $11 billion hit,” he continued, adding, “These costly outcomes are completely avoidable. Congress needs to do its job and pass a continuing resolution to keep the government funded at current levels while continuing to negotiate a final budget. Nothing less is acceptable.”