Governance & Risk Management , Standards, Regulations & Compliance
DHS Official Warns of Shutdown Risks
Most Cybersecurity Employees Would Face FurloughsA top Department of Homeland Security official says the nation's IT security would be at risk if Congress fails to fund the department by week's end.
See Also: Accelerate Your Mission with Elastic as a Global Data Mesh
"We are under daily, moment-by-moment efforts by adversaries to penetrate our networks and systems across the federal government, state, local, territorial, tribal government systems and the private sector," DHS Undersecretary Suzanne Spaulding told the House Homeland Security Committee on Feb. 25. "And there is no pausing, no slowing down in that range of actors' efforts to penetrate our systems and to do us harm. We are running on a daily basis full speed ahead to try to keep ahead of those efforts of those adversaries. Anything that hampers and slows us down creates risk for us and for the nation."
A stopgap appropriation that funds DHS expires on Feb. 27, and a partisan battle over President Obama's executive action on immigration - which is funded through DHS - has stalled legislation in Congress to fund the department (see Sizing Up the Impact of Partial DHS Shutdown).
The Senate on Feb. 25 passed a bill to fully fund DHS as part of a compromise in which a second bill to strip the immigration funding would be voted on at a later time. But it's unclear if the House will agree to the compromise. The House had passed legislation to fund DHS but without the money for Obama's immigration program.
"While today's developments in the Senate are promising, it remains to be seen whether Speaker Boehner can show real leadership and put a clean bill to fund the Department of Homeland Security on the House floor," said Rep. Bennie Thompson of Mississippi, the committee's ranking Democrat. "Unless he steps up and brings his colleagues with him, DHS will shut down in less than three days. "
Spaulding - who heads the National Protection and Programs Directorate, the DHS entity that's responsible for cybersecurity and critical infrastructure protection - said 43 percent of the directorate workforce would be furloughed. Among those who would remain on the job are key personnel responsible for cybersecurity, infrastructure protection and operations, she said.
Still, delays will occur in fully implementing systems at some federal agencies to detect and prevent intrusions - Einstein 2 and Einstein 3A - as well as continuously monitor systems to identify vulnerabilities. "A week of stoppage, we can probably make up," Spaulding said. "But with each week that continues, that's another couple of agencies that are not brought on board and receiving the protection at a time when the adversary is not taking a break."
But Spaulding said the National Cybersecurity and Communications Integration Center, the DHS unit that shares cyberthreat information with the private sector, would function during "a funding hiatus," adding that DHS will have in place mechanisms to protect lives and property. "But the analytics support that feeds [NCCIC] and helps prioritize those activities will be hampered," she said.