Advertisement

Senators ask Trump administration how badly shutdown hurt federal cybersecurity

Just how bad is the damage from the government shutdown? Senators want to know.
Amy Klobuchar
Sen. Amy Klobuchar (Lorie Shaull / Flickr).

After former U.S. officials raised concerns that the longest government shutdown in history had weakened federal cybersecurity, lawmakers are asking the Trump administration how bad the damage is.

“We are concerned that these circumstances have left our government and citizens vulnerable to cyberattacks,” five Democratic senators wrote in a letter Tuesday to Homeland Security Secretary Kirstjen Nielsen and Gen. Paul Nakasone, head of the National Security Agency and U.S. Cyber Command.

The senators – Minnesota’s Amy Klobuchar, Massachusetts’ Ed Markey, New Mexico’s Tom Udall, Nevada’s Catherine Cortez Masto, and New Jersey’s Cory Booker – want to know how agencies are preparing to harden their networks for a future shutdown, citing past experience as a cautionary tale.

During the 2013 government shutdown, the senators wrote, Chinese hackers compromised the Federal Election Commission’s computer network, crashing sensitive computer systems that disclose billions of dollars in spending each election cycle. “Shutdowns have severe implications for the health and security of our democracy,” the letter states.

Advertisement

Former DHS officials and lawmakers warned last week that the 35-day partial government shutdown had hindered federal officials’ ability to proactively mitigate cyberthreats, a theme echoed in the senators’ letter.

The lawmakers noted that partial government closure also significantly weakened the security of government websites as 80 of them were reportedly either inaccessible or insecure. The senators asked Nielsen and Nakasone for an update on the extent of the shutdown’s impact on federal websites, including if there will be assessments of malicious activity that surfaced on websites in recent weeks. Top national security officials told a Senate committee Tuesday that cyberthreats are among the top global threats facing the United States.

The lawmakers also want to know if DHS and other agencies can keep website encryption certificates from expiring regardless of whether the government is open or not, and whether a program of automatically renewing certificates can be instated.

Federal cybersecurity programs to detect and block malicious network traffic continued during the shutdown, but key DHS programs related to election security and vulnerability assessments were put on hold. And lawmakers have expressed concern about the amount of IT personnel on hand at agencies to implement an unprecedented emergency order that DHS issued during the shutdown.

The directive ordered civilian agencies to secure their credentials for managing domain name systems (DNS) in the face of a suspected Iranian hacking threat. At least six agencies have been affected by that malicious DNS activity, CyberScoop reported.

Advertisement

After the government reopened, DHS’s Cybersecurity and Infrastructure Security Agency said it would focus on “re-energizing” initiatives related to election security, supply chain threats, and “helping organizations counter Chinese hacking,” among other tasks.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts