The federal government shutdown entered its second day on Thursday with no signs of resolution amid vituperation and accusation over which party is to blame for the funding lapse. But the recent spate of cyber attacks in the US continued and the shutdown has left the country ill prepared to combat them.
Insiders at the Cybersecurity and Infrastructure Security Agency (CISA), which is charged with leading a collaborative effort across government, critical infrastructure and private industry to counter cyber threats, told Forbes the department has been shaken by the shutdown and is scrambling to deal with two big attacks this week: A “mass extortion” campaign launched against hundreds of company executives threatening an Oracle database hack and a breach of Red Hat’s private coding data hosted on GitLab, including some files on work with federal agencies.
“It's just a matter of time before something major happens.”
Inside CISA, a shutdown-depleted workforce is trying to investigate both, with 65% of the workforce furloughed, leaving it with around 900 employees, who have been given “excepted status” that requires them to continue working, per a DHS document. But multiple staffers said the furloughs, Trump administration cuts and senior leadership departures throughout the year have drastically reduced headcount to the point that it's left America more vulnerable to cyberattacks, like those this week, and ongoing threats from Chinese and Russian intelligence.
“It all seems to be potentially detrimental to national security,” one current staffer said. “It's just a matter of time before something major happens.”
“Now there are fewer people to support this kind of effort. So instead of, say, three people working on something, it’s down to just one, and they have to drop everything for the highest priority item,” said another CISA staffer, adding that currently, the mass extortion threats were top of the list.
Making matters worse, this week saw the expiration of the Cybersecurity and Information Sharing Act 2015, which facilitated the quick sharing of data among private companies—like those being hit by the Oracle database hack extortion campaign—with the government. One recently-departed CISA staffer told Forbes they were stunned the government let the Act expire, though a current staffer said, “This administration does not like CISA. We still don’t have an appointed director, so something like that [Act] is not a priority.”
As the shutdown came into force on Tuesday, CISA staff were left anxious and befuddled. One staffer described the situation as “complete chaos.” Two others said they were unaware of any detailed contingency plans for a shutdown being shared with staff. Marci McCarthy, CISA comms chief, didn’t comment directly on that , but said the agency complied with all legal requirements for a government shutdown, in line with federal law and standard procedures.
McCarthy said CISA was sustaining “essential functions” and would continue to “provide timely guidance to minimize disruptions.” She lambasted Democrats for putting “an unacceptable and unnecessary strain on our national defenses,” but conceded the lapsing of the Cybersecurity Information Sharing Act was “a serious blow.”
“CISA will continue its mission, but America’s defenders deserve both the tools and the support to meet growing threats,” she said.