DHS shutdown: 'There's an opportunity cost'

Federal agencies won't lose their existing Department of Homeland Security cyber protections if a DHS spending bill is not enacted this week, but big cyber projects and the security workforce could face longer-term, less tangible effects.

"I don't think there will be an immediate operational impact on DHS cybersecurity operations," said Mark Weatherford, former deputy secretary of cybersecurity at DHS and now a principal at The Chertoff Group.

Cybersecurity operations at the National Protection and Programs Directorate (NPPD) and the Office of Cybersecurity and Communications (CSSC) that contain big chunks of the department's cybersecurity capabilities, he said, most likely will continue uninterrupted because their operations are deemed essential.

The looming shutdown would land at DHS much like the 2013 shutdown did across the federal government. If Congress can't pass a spending bill that President Barack Obama signs, DHS will keep exempt employees working -- but with no pay. Exempt employees' jobs are "necessary for safety of life and protection of property," according to federal rules.

Non-exempt employees -- which include administrative, management and programmatic personnel -- would be furloughed under a shutdown.

The biggest impact from such an event, said Weatherford, would be felt at developing cyber protection projects. DHS officials have already said projects such as its Einstein intrusion-detection-and-prevention system and systems that share information among local governments and critical infrastructure would take a hit, as would continuous diagnostics and mitigation (CDM) efforts.

Senate Democrats are blocking consideration of the House-passed DHS spending bill, which would prohibit implementation of Obama's plan to allow millions of illegal immigrants to remain in the country. A fiscal 2015 omnibus appropriations bill enacted in December funded DHS through Feb. 27.

In remarks at a Feb. 20 American Bar Association event, Andy Ozment, assistant secretary of the Office of Cybersecurity and Communications within NPPD, said that a shutdown "grinds to a halt" CDM and Einstein 3A. His comments echoed his Feb. 12 testimony before the House Homeland Security Committee's Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee that a shutdown could force a furlough of 140 staff members at the National Cybersecurity and Communications Integration Center, as well as stall Einstein and CDM efforts.

Ozment said a shutdown would delay bringing more agencies onboard DHS's Einstein 3A, the latest iteration of the automated intrusion-detection program. About 20 percent of the government uses the software, according to Ozment. It is currently deployed at 11 departments and agencies, covering approximately 25 percent of all .gov traffic, and DHS plans an aggressive expansion of the service in the coming months. Ozment said 46 agencies have signed agreements to participate in E3A services, covering 90 percent of all federal civilian traffic.

The Department of Veterans Affairs already uses the Einstein 3 managed security system as its first line of cyber defense – an outer wall protecting its networks from intrusion. That service would not be affected by a lapse in appropriations.

"That particular service is considered a critical service, so it will continue to run," VA CIO Stephen Warren said in a Feb. 24 conference call with reporters. "There will be no degrade in capability. We have a very strong relationship and partnership with the folks over at Homeland Security. They've pretty much said they're going to continue the mission. And it's a mission that we're very dependent on".

More broadly, however, "the impact on Einstein could be significant," said Tony Cole, vice president and Global Government chief technology officer at enterprise cybersecurity provider Fire Eye. Cole said it was not clear what might be deemed exempt and non-exempt under the project, making it difficult to predict the full impact.

Measuring the opportunity costs

"There is a longer-term problem with acquisition," said Weatherford. Stopping work on big IT procurement projects ripples down the chain, as work stops and procurement personnel who are still on the job are shifted to projects that receive funding from other sources. "There's an opportunity cost" to the stoppage, he said.

Ozment spoke to that cost in his congressional testimony. DHS is set to award a task order under CDM phase 1 in the coming weeks. "With CDM, we're on the verge of issuing a contract," Ozment said before the House subcommittee. "It would delay issuance of this award."

More recently, DHS officials reiterated to FCW their concern that future CDM contracts could be delayed if a shutdown occurs.

The net effect of a shutdown on DHS cybersecurity, however, is measure in other terms, Weatherford and Cole agreed.

"The impact on cyber employee morale" could be significant, Weatherford said. "I've been through a few of these in the federal government and in the private sector. You tell highly talented people with a lot of employment options how important they are, then treat them like they don't matter. Watch for turnover after this is over."

Cole made a similar point about morale, saying "it surely won't help with job satisfaction." On top of that, he said, hiring replacements could also take more time, since human resources employees will probably be furloughed, resulting in a work backup in that department.

Adam Mazmanian contributed to this story.