The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) workforce tasked with maintaining the cybersecurity of the country’s critical infrastructure industries—such as healthcare systems, banking, water, energy, and nuclear—has been virtually halved due to government shutdown-related furloughs, according to CNBC. In addition, 85 percent of the staff at the National Institute of Standards and Technology, who help both private- and public-sector companies stay up to date on cyberattacks and mitigation practices, have been furloughed.
This skeleton crew status is bad news for the nation’s cybersecurity readiness. “CISA coordinates all cybersecurity efforts between the government and its private partners, ensuring both are properly trained and prepared to handle potential cyberattacks,” said Jon Murphy, leader of the cybersecurity practice at consulting firm Alliantgroup, in the CNBC article. Fewer employees likely means a growing backlog of security updates that have not been performed, leaving those systems vulnerable.
Even routine website maintenance is being pushed to the back burner. As the shutdown drags on, experts are concerned that the government is creating an ideal situation for hackers awaiting the opportune moment to strike. “Because almost all ‘routine’ maintenance includes a level of security patching along with human touchpoints, we have laid out the welcome mat to any and all nefarious actors,” said Mike O’Malley, vice president of strategy at Radware, to CNBC.
Since the shutdown began, dozens of US government websites have seen their security certificates expire, stopping them from accessing the tools needed to properly encrypt and secure their information and thus increasing their vulnerability to hackers and malware attacks.
The healthcare industry is all too familiar with the increasing incidence and complexity of cyberattacks, from small-scale targeted attacks to far-reaching ones such as WannaCry and NotPetya. In a recent article for Forbes, award-winning cybersecurity specialist Rajinder Tumber predicted that we are likely to see another major cyberattack as early as 2019, one that could potentially cause “sustained disruption of essential services, leading to severe economic or social consequences or to the loss of life.” According to Tumber, an attack of this sort would likely affect key elements of the nation’s critical national infrastructure, such as transport, healthcare, energy, communications, water, and emergency services—industries that rely on CISA to help them maintain up-to-date cybersecurity readiness.
Sarah Sheber is assistant editor/web editor at Journal of AHIMA.