October 11, 2013
In cyber security, all vulnerabilities are basically bugs; like any bug, the longer it goes unfixed, the costlier that fix will end up being. So what happens when the watchers can't work?
Everyone’s buzzing about the government shutdown right now – with good reason – and the IT industry isn’t immune. A lack of funding for the development of important software and a forced “vacation” for a lot of the people who give authorizations and process forms have combined to slow most industries to a snail’s pace. However, there’s a much more dire possibility than slow visa approval and equipment launches, and this relates to the urgent concern of our country’s cyber security.
It’s important to remember that, in cyber security, all vulnerabilities are basically bugs; like any bug, the longer it goes unfixed, the costlier that fix will end up being.
As our politicians flounder on their compromises, there’s a lot at risk here, and the risk grows bigger the longer it takes them to figure out an acceptable answer. Here’s the problem: cyber security isn’t just a software or program you put into place and then walk away from. It’s entirely people-focused. At a recent panel discussion, Richard Bejtlich, chief security officer of Mandiant, said that “Security is mainly a people problem; even if you have the best technology, you still need people to run it. There’s really no self-defending network.” House Intelligence Committee Chairman Rep. Mike Rogers estimates that 60% of all DOD and cyber intelligence employees are on furlough. He said, “You can’t take that many people out of the work the intelligence community does and not have an impact. We have other folks trying to fill the holes with longer hours, but given the threat matrix we face today, I think we need to work through this thing very quickly.”
It’s important to remember that, in cyber security, all vulnerabilities are basically bugs; like any bug, the longer it goes unfixed, the costlier that fix will end up being. This shutdown is making the job of government security testers difficult or impossible- assuming they aren’t on furlough, that is. Security vulnerabilities are bad enough in small, private companies; on the government level, they could wreak catastrophic damage. As a country, we’re getting less secure every single day that our government is shut down.
There’s also the very real threat of international hackers, those boogiepeople who’re paid by their governments to try to infiltrate ours. According to Politico, Rep. Tammy Duckworth said recently that “If somebody wanted to attack us, this [is] a great time to launch an attack on the United States.” This vulnerability could open up our government to threats from those employed by other governments; the aforementioned security panel specifically mentioned the 2 million people employed by the Chinese government just to maintain their national security system; who knows what kind of manpower they could devote to taking down ours?
However, that’s not to say that the concern is only international – there’s plenty of trouble back home too. With an industry that evolves as quickly as technology does, every day that American tech specialists are off the clock is one day further behind all of our technologies are. That doesn’t sound like a big deal in theory, but any innovations that the government is falling behind on also hugely compromises our security and means that the developers and technicians will have to play a lot of catch-up when they’re back on the job. Therefore, our security could be compromised for even longer than it takes the government to bring these people back to work as they struggle to keep up with what they missed when on “vacation.”
There’s also plenty of justified concern about the wetware problem of internal hackers, either from our general population or even within the government. This is exacerbated both by the aforementioned technological lag and also the fact that there are now thousands of individuals with various levels of access to and experience with government IT who suddenly have lots of time on their hands. Though back pay for furloughed employees is fairly certain, considering that they have no idea when they’ll actually receive those checks, the idea of hacking into an already-compromised system and selling what they find there may start to look pretty enticing to people who haven’t been paid in weeks. Of course, this is to say nothing of American hacker groups like LulzSec, UGNazi, and others, who have a penchant for breaking into security systems.
While the government shutdown poses a variety of problems, the question of cyber security should be one of the most concerning. When we consider these vulnerabilities and the ramifications they could have on our internal affairs, it’s fairly clear to us that defaulting on our national debt really isn’t the worst thing that could happen as a result of the government shutdown.