One US lawmaker has warned that the impending government shutdown will put critical cyber workers out of action, leaving Americans exposed to damaging cyber-attacks.
Democratic Congresswoman Rep. Shontel Brown made the remarks during a Joint Subcommittee Hearing on Ransomware on September 27, 2023, which discussed how to combat rising ransomware attacks on US infrastructure.
The Cybersecurity and Infrastructure Security Agency (CISA), the agency which leads federal cybersecurity initiatives, will be forced to lose 80% of its employees during the potential shutdown Brown noted.
This statistic was set out in a document released by the Department of Homeland Security (DHS) on September 22, which estimates CISA will only retain 571 out of its 3117 on-board employees during a shutdown.
The partial shutdown will commence at 12.01 ET on Sunday October 1 if the annual appropriation bills are not passed, which are required to fund the US government’s activities and associated bureaucracy. This would lead to thousands of federal employees being instructed not to report for work until the bills are passed.
Brown added that the unavailability of thousands of workers at the Department of Justice (DoJ) would curtail its work investigating and taking down cyber-criminal networks.
She argued this inactivity will leave people at much higher risk of harmful consequences from cyber-attacks, such as patients being turned away from hospitals and small businesses closing down.
Brown commented: “The Biden-Harris Administration has made defending against these kinds of attacks a top priority. Thanks to the Bipartisan Infrastructure Bill, the Administration is currently providing $1bn in cybersecurity grants to state, local, and territory governments to build the cyber capabilities they need. But on Sunday at 12:01 am, these dollars are at risk of not making it out at all.”
Republican Congresswoman Rep. Nancy Mace, who is Chairwoman Subcommittee on Cybersecurity, Information Technology, and Government Innovation, pushed back on these comments, stating that the White House can provide exceptions for essential CISA employees to reduce the impact of a shutdown on federal cybersecurity operations.
“In the event that there is a government shutdown, it is up to the President of the United States and his administration to prioritize who is and isn’t essential – they can make it as painful as they want, or as painless as they want,” said Mace.
The last time a US government shutdown occurred, in 2018-19, experts highlighted its chilling effect on national cybersecurity, including 80 government web certificates expiring without being renewed.