It’s all about ‘Money’, The government shutdown is affecting US cybersecurity

It’s all about ‘Money’, The government shutdown is affecting US cybersecurity

Jan. 11, 2019– Mary Greeley News – The partial shutdown of the US federal government, now approaching three weeks, is having at least one impact not felt during the shutdowns of the 1970s, 1980s, and 1990s.

As our online lives have grown dramatically in the last couple of decades, so have our cyber-vulnerabilities, with everything from home appliances to nuclear power plants now hackable by malefactors. And among the 800,000 government workers either furloughed or working without pay are some responsible for US cybersecurity, as Fifth Domain reported this week.

The brand new Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security (DHS), has seen around 40 percent of its staff furloughed. (The new agency, still in the process of getting up to speed, “is responsible for protecting the Nation’s critical infrastructure from physical and cyber threats,” per its website.)

At the National Institute of Standards and Technology, which publishes the federal cybersecurity standards that both government and private companies use, 85 percent of staff are off without pay. Former DHS undersecretary Suzanne Spaulding, writing for The Hill, adds two additional concerns: As a result of the shutdown, DHS canceled a major cybersecurity conference and will miss several deadlines it was supposed to hit on new cybersecurity provisions.

It’s all about ‘Money’, The government shutdown is affecting US cybersecurity

None of this is reassuring. As cybersecurity blogger Patrick Nohe wrote on Wednesday, “even at full strength the US cyber defense apparatus is being pushed to the brink by foreign, state-sponsored hackers and cyber cells.” But many in the field are more worried about the long-term impact of the shutdown. Cybersecurity experts can command high salaries, and after a government shutdown in 2013, federal agencies saw a brain drain of talent to the private sector.

On Thursday, WNYC radio show The Takeaway broadcast an interview with Patrick, a NASA cybersecurity contractor. He said he could make the rent for February, but that if the shutdown continued, he was going to have to find another job, and that it wouldn’t be difficult to do so in Silicon Valley. He observed,

“Most of the people that are in my position … are here for the mission, not the money.

But now that it’s clear that our employment isn’t stable—we have families and we have bills, and I think many people are just going to leave, and the government is going to have a very hard time recruiting people back to refill those positions, because they’ll see the experience that those of us have had.”

In the early days after the Sept. 11, 2001, attacks, the Bush White House cut by nearly two-thirds an emergency request for counter-terrorism funds by the FBI, an internal administration budget document shows. The document, dated October 12, 2001, shows that the FBI requested $1.5 billion in additional funds to enhance its counter-terrorism efforts with the creation of 2,024 positions. But the White House Office of Management and Budget cut that request to $531 million. Attorney General John D. Ashcroft, working within the White House limits, cut the FBI ‘s request for items such as computer networking and foreign language intercepts by half, cut a cyber-security request by three quarters and eliminated entirely a request for ‘collaborative capabilities.’

Immediately after September 11,2001, Bandar arranged for a mass exodus of Saudi royals, intelligence personnel, and other Saudi nationals from the United States, including members of the bin Laden family, with the full cooperation of the United States government. He placed them beyond the reach of any future inquiry.

It’s all about ‘Money’, The government shutdown is affecting US cybersecurity

Amid coverage of Russia’s involvement in the 2016 presidential election, more news of nefarious Russian cyber activity has come to light. This time, a Russian campaign to infiltrate U.S. power and infrastructure sectors gained access to and observed these organizations for an undetermined amount of time.

Russian hackers infiltrated the control rooms of multiple electric utilities over the past year, gaining the ability to cause blackouts and grid disruptions, officials from the Department of Homeland Security.

In a joint technical alert released on March 15, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) revealed that, since at least March 2016, Russian government hackers attacked U.S. government entities and critical infrastructure organizations in the energy, nuclear, commercial facilities, water, aviation and manufacturing sectors.

According to the report, the attacks were not random. To gain access to their victims’ networks, hackers employed well-known techniques in multistep attacks, going after smaller companies’ networks en route to their primary targets—American power plant computers and networks.

It’s all about ‘Money’, The government shutdown is affecting US cybersecurity

First, hackers attacked smaller, less secure companies well-known to their primary target—parts manufacturers or software companies the power plant uses, for example. After gaining access to these networks, the hackers then used these trusted and seemingly legitimate sources to send inquiries to the primary targets.

In some instances, hackers used a technique called “spearphishing,” in which they sent emails from a compromised account to get their target to reveal confidential information. In another method, “waterholing,” intruders altered websites people in the energy industry regularly visit, so they collect information like logins and passwords. Other attacks involved emails asking users to open word documents that contained links, which when clicked, ran programs that gave hackers access to the target’s computer.

Once hackers had access to power plant and other infrastructure networks, they set up local administrator accounts (giving them access and permissions to install programs and make other changes to these networks), then installed malware in the networks and protocols to hide their intrusion.

The report states that from here hackers primarily collected information—captured screenshots, recorded details about the computer and saved information about user accounts. It does not state if the attackers were able to control how power plants generated power.

Mary Greeley News