Twitter Facebook Google RSS
 
National Defense > Blog > Posts > Shutdown, Policy Gridlock Deal Major Blows to Cybersecurity Efforts
Shutdown, Policy Gridlock Deal Major Blows to Cybersecurity Efforts
By Sandra I. Erwin


Richard Bejtlich, Sen. Saxby Chambliss, Chris Finan and Tim Sample

A mix of pessimism and disbelief best describes the mood of the cybersecurity community, which is seeing programs derailed by the U.S. government shutdown and policy priorities relegated to the bottom of the pile of unfinished business in Washington.

Cybersecurity advocates on Capitol Hill also have been frustrated as new legislation remains stuck in gridlock and mired in contentious debates over government surveillance.

The most immediate consequence of the shutdown that began Oct. 1 is a demoralized workforce, government and industry officials said Oct. 8 at a Politico cybersecurity conference in Washington, D.C.

At the National Security Agency, the U.S. government’s most skilled cyber workers have been told to stay home, including nearly 1,000 Ph.Ds, about the same number of mathematicians and 4,000 computer scientists, said Army Gen. Keith Alexander, commander of U.S. Cyber Command and NSA director.

The furloughs also will undermine U.S. government initiatives to recruit new workers, Alexander said at the conference.

Lawmakers who have long been engaged in cybersecurity policy oversight said they worry that the shutdown is distracting government agencies from protecting the nation from hackers and spies.

“If we have to take a step backwards because of the lack of funding, that gives the bad guys an opportunity,” said Sen. Saxby Chambliss, R-Ga., ranking member of the Senate Select Committee on Intelligence

Chambliss would like to see the Senate move forward with a debate on a two-year old piece of legislation that the House passed — the Cyber Intelligence Sharing and Protection Act, or CISPA — intended to promote intelligence sharing on cyber attacks between the government and the private sector. The bill has been stalled in the Senate due to disagreements over the role of civilian and military agencies in dealing with the private sector. The Snowden leaks also have put the brakes on the legislation, as many lawmakers want to address concerns about government surveillance on U.S. citizens before any cyber bill is passed.

“Cybersecurity has been crowded out” not only by the budget fight but also by calls for reforms to the Federal Intelligence Surveillance Act, Chambliss said.

The Senate expects a backlog of legislation — among the major ones being federal budget appropriations bills and the defense authorization act — to get crammed into a short number of weeks before the end of the year, which means the odds of passing a cyber bill are diminishing, said Chambliss. “The clock is ticking and here we are, arguing over funding.”

If bills slip into next year, their prospects only will worsen as Congress shifts to election mode, Chambliss said. “Things are going to get harder to deal with in January. We get into an election year and things tend to fall off the table.”

He said he worries cybersecurity will suffer a double whammy from the shutdown and from sequester budget cuts. If sequester remains in place, he said, there will be considerable furloughs in cyber agencies and the intelligence community next year. As a result of the slowdown in cyber efforts, he said, the “Chinese, Russians and Iranians licking their chops.”

A rollback in cybersecurity programs also is costly to the private sector, said Rep. Adam Schiff, D-Calif., ranking member of the House subcommittee on technical and tactical intelligence. He said government contractors lose billions of dollars a year to intellectual property theft.

The economic impact of NSA furloughs has been significant, said Rep. Dutch Ruppersberger, D-Md., ranking member of the House Intelligence Committee. “My district is known as the cyber capital of the world,” he said. “NSA contractors are losing $20 million a day.”

As the government seeks to beef up its ranks of cybersecurity experts, the furloughs are going to leave a lasting, negative impression on potential recruits, said Rep. Mac Thornberry, R-Texas, chairman of the House Armed Services subcommittee on intelligence, emerging threats and capabilities. “The upheaval is detrimental to this country,” he said. “We need budget stability. Living from CR [continuing resolution] to CR, and the threat of sequestration makes it a difficult environment to recruit people.”

At the Department of Homeland Security, more than half of the cyber workforce was furloughed. “I would argue that puts the nation at risk,” said Rep. Michael McCaul, R-Texas, chairman of the House Committee on Homeland Security

Like Chambliss, he fears that cyber legislation is getting crowded out of his committee’s schedule by the shutdown and other pending bills such as border security. “Government spending is front and center for a lot of members,” he said.

For the private sector, the realization that cybersecurity is no longer a front burner issue in Washington has been cause for alarm.

The shutdown has diverted everyone’s attention, said Tim Sample, vice president of national security programs at Battelle. The budget standoff is happening at a time when cyber threats are increasing, he said. Companies would like to see the administration and Congress agree on broad policy guidelines for cybersecurity, he said. “We do not have a doctrine. … We have a lot of programs and policies without an underlying framework.”

The vast majority of American companies do not have the means to protect themselves from cyber attacks, he said. The United States needs to address the issue that the Internet has become a de facto utility. It affects the entire global economy, he said, and should be treated as critical infrastructure.

The tech industry also is disappointed that the shutdown has eclipsed discussions on education and immigration reforms. “That is essential from a tech perspective, to ensure we have the talent to continue to innovate,” said Chris Finan, a former White House official and currently a fellow at the Truman National Security Project. “There are a lot of challenges we need D.C. to tackle” and will not be because of the budget crisis, he said. Case in point is the Obama administration’s latest draft of a new executive order that is expected to provide standards that companies can voluntarily adopt to improve cyber defenses. Finan said he went online to read the latest draft but the website was unavailable. “People are going to get sick of these shenanigans,” he said.

From a law-enforcement perspective, the government shutdown is hurting companies’ ability to obtain valuable threat intelligence from the FBI, said Richard Bejtlich, chief security officer of Mandiant, a cybersecurity firm. “One of the most effective programs I've seen is the FBI external notification program,” he said. The FBI informs companies of suspected intrusions. “Interruptions to that program worry me,” he said.

Jay Kaplan, CEO of Synack, said the shutdown only aggravates a larger human-capital problem that the government faces as it tries to beef up cybersecurity. Talent shortages are going to be a serious handicap for federal agencies, he said. “Government workers are disparaged by elected officials, they have no realistic prospects of increases in pay.” The federal procurement process, too, is a deterrent to recruits, he said. To manage multibillion-dollar programs takes knowledge and experience, he said, “and a lot of that is leaving.

Photo Credit: Rod Lamkey Jr./POLITICO

Comments

Re: Shutdown, Policy Gridlock Deal Major Blows to Cybersecurity Efforts

I am contractor for a Federal Agency employed as a cyber security incident responder. During this shutdown, I am going without pay, and unlike Civil Service employees, there has been no bill passed by the House to reimburse contractors for their lost wages. I would still be at my post - unpaid - if I were not prohibited from working by federal law.

This situation creates a very serious danger for our nation caused by a convergence of factors:

1) The information systems of the United States Government are under continual attack from sophisticated and well-funded foreign governments. At this moment, practically no one is working to repel those attacks. We are in fact engaged in a cyber war right now with several nations. And at this moment – no one is guarding the fort.
2) Under normal circumstances, the US Government has a serious shortage of trained personnel to maintain countermeasures to those cyber attacks.  Most of the personnel that do exist are now furloughed contractors, who have no hope of reimbursement once they return to work.
3) Since the private sector has a similar shortage of trained cyber security personnel, it behooves those of us who are employed as Federal contractors to seek more reliable employment elsewhere. This will only increase the personnel shortage and exacerbate the risks to the information systems that are an essential part of Federal Government operations.

I have no doubt that several hostile foreign governments are currently celebrating their unfettered freedom to compromise the security and operational integrity of the Federal Government’s computers and networks. And I am challenged to express in words how demoralizing it is to be considered “non-essential” and to be summarily tossed off our jobs and told to eek out an existence without pay.

Those of us who work as cyber security contractors for the Federal Government are generally paid less than our counterparts in the private sector. Patriotism and pride in our mission is a large part of our compensation. But pride and patriotism won’t pay our bills, feed our children, or compensate for the lost wages caused by unreliable employment.
Patrick Bryant at 10/10/2013 1:07 PM

Add Comment

Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name: *

eMail *

Comment *

Title

Attachments

Name: *


eMail *


Comment *


 

Refresh
Please enter the text displayed in the image.
The picture contains 6 characters.

Characters *

  

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

 

 

Bookmark and Share