Has The Government Shutdown Resulted In A Cybersecurity Blackout?

By Antonia Dumas, an Associate at XPAN Law Group.

Just like a blackout, a government shutdown occurs suddenly and creates a sense of chaos. This is especially true when we have faced the longest government shutdown in history. And, while the current political environment is a prominent national issue, businesses need to think about how they can best survive a possible cybersecurity blackout during the government shutdown.

Possible Cybersecurity Threats Because Of Shutdown

Although a government shutdown is not a common event, it exposes the nation, similar to the holidays or tax season, to increased risk of cybersecurity attacks. Especially while businesses are distracted with how to start off 2019 on the right foot and how to keep your business moving in light of the government shutdown, this risk is exponentially higher.  

In a moment where cybersecurity defenses may be down or lacking all around, there is a potential for cyber criminals to take advantage and seek to attack individuals by identity theft, businesses through data breaches or attacks on national infrastructure.  Business should be on the lookout for potentially more cybersecurity threats such as phishing attacks because, much like the holidays or tax season, many people are distracted and more likely to caught off guard or click on a bad link. Businesses should also be aware of the possibility of failed network patches or software updates because as a result of the shutdown there may be delays in updates or simply errors due to the lack of monitoring by government run or related entities. Another thing to keep in mind is that because of the government shutdown there could be a less information available regarding current threats due to the pause and delay of cybersecurity threat sharing and data exchanges.  This, in turn, requires businesses to rely heavily on the maintenance and monitoring of their own systems as well as enforcing employee policies and accountability. Additionally, businesses need to strengthen their vendor management to ensure they are being diligent, especially if the business or vendor’s business does any work for or with a government entity, or shares or relies on government resources since they are more vulnerable due to the government shutdown.

Limited and Delayed Federal Resources Will Be Available

The government shutdown has slowed down federal agencies across the board and has left many agencies understaffed and has paralyzed agency websites.  When funding is no longer allocated to support a federal agency and there is a lapse of funding for the coming year, some federal agencies that contribute to cybersecurity can no longer function to full capacity or essentially have to stop in their tracks. During this government shutdown, it appears that federal agencies that provide some of the most important resources have been the most affected.  

The National Institute of Standards and Technology (NIST) has been one of the most affected because the agency conducts mostly research. But the resources that NIST provides is essential as it provides guidelines regarding computer security that serve as a worldwide reference. NIST’s guidance will now be delayed as it relies on conducting continuous research and ensuring that it provides up to date guidelines. NIST’s website provided a notice that “Due to a lapse in federal funding, most of this website is not available.” However, one important resource provided by NIST, the National Vulnerability Database, has remained open so hopefully information about the latest software vulnerabilities have been kept up-to-date.

Due to the government shutdown, the Cybersecurity and Infrastructure Security Agency (CISA) has suffered a false start. The hope of a new federal agency cybersecurity has been put on hold until the government reignites and funding is made available.  Currently, not even CISA’s website is being updated and no transactions or inquiries are being processed. The only website simply states that during the shutdown: “Due to the lapse in federal funding, this website will not be actively managed.”

Business Must Be Alert and Take Action

In light of the government shutdown, businesses need to look inwards to strengthen their cybersecurity and should be aware of the uncertainty of the federal agencies and resources. Businesses must be diligent in checking that all their network security and processes are being monitored and maintained. Further, businesses should notify their employees and vendors that they must on high alert and provide immediate notification of anything suspicious.  Once the agencies get back on their feet and reliable information is once again available, businesses should look to these resources for guidance. However, remember, there is no one-stop-shop for cybersecurity nor is there a one size fits all solution. All you can do is work daily to create the strongest cybersecurity framework for your business and be diligent to maintain and update it.


Nothing contained in this blog should be construed as creating an attorney-client relationship or providing legal advice of any kind. If you have a legal issue regarding cybersecurity, domestic or international data privacy, or electronic discovery, you should consult a licensed attorney in your jurisdiction.