DHS faces immediate and long-term problems from the shutdown

From increased cybersecurity threats, to personnel and possible contractor attrition, the Department of Homeland Security is facing deep and lasting effects from the government shutdown, according to former top agency officials.

"We're in the midst of a security crisis," warned former DHS Secretary Jeh Johnson, at a Jan. 24 panel discussion on the shutdown's impact on the department convened by the leadership of the House Homeland Security Committee.

The agency's ability to respond to natural disaster and terror threats, as well as its everyday security responsibilities, such as screening airline passengers, wears thinner with every day of the partial shutdown, he said.

The continuing shutdown, according to Johnson, threatens to erode the agency's most valuable assets: its people. The shutdown is causing transportation security officers, Coast Guard recruits and technical specialists to rethink their commitments to DHS, he said, as they miss paychecks and struggle to get by.

"A breaking point" for unpaid DHS workers, "may come with the second missed paycheck," he said, due on Jan. 25.

The shutdown is slowly blunting the Federal Emergency Management Administration's ability to respond to disasters, since response to major hurricanes and other disasters is a "whole of agency" operation that leverages both essential and non-essential personnel often working in areas that aren't in their job description, said Tim Manning, former deputy administrator for protection and national preparedness at the agency.

Some furloughed "non-essential" personnel at FEMA may be hard to muster for a rapid disaster response, he said. "Furloughed employees can't check email," he added.

A breaking point may not be visible when it comes to cybersecurity work, but could manifest through worn-away cyber protections and missed opportunities, according to a former agency infrastructure protection official.

The work to protect federal networks from cyberattacks continues through the shutdown, but DHS' ability to protect against advanced persistent threats erodes with each passing day, said Caitlin Durkovich, former assistant secretary for infrastructure protection at the agency.

"I take some solace in the fact that the ... hub that coordinates cybersecurity, remains operational," she said, referring to the National Cybersecurity and Communications Integration Center.

Hundreds of NCICC employees, working without pay, are still doing the basic blocking and tackling to protect federal networks under the Cybersecurity and Infrastructure Security Agency, she said. The agency's work on supply chain security, setting future cyber protections for election infrastructure and census operations have stopped, she added.

CISA's personnel are on the job, Durkovich said, and aren't being paid. Right now they're helping agencies tackle the recent emergency directive to counter a recently discovered DNS hijacking campaign, she said.

However, the usual suspects that have been implicated in advanced persistent threats to U.S. government and commercial networks -- China, Iran, North Korea and Russia -- present a strategic threat that isn't classified as an imminent. Programs that address those longer-term, advanced persistent threats have been stalled by the shutdown, Durkovich said.

"The concern is more strategic and emergent," she said. "Each day that passes, that strategic threat grows." Adversaries are smart, she added. They're very aware of what is happening and are looking for weak links in physical and cyber domains.  Work to protect the federal census effort and election systems from cyber threats, which don't present imminent danger, have ground to a halt, she said.

The shutdown also comes at a bad time for CISA, she told FCW in an interview after the presentation. The new agency, formed last fall from the National Protection and Programs Directorate, was to have been doing a lot of "capacity building" in the last month, such as developing programs, tools and other foundational work, she said. That work has ceased.

"These early days are really important, given it's now an operational component. Not being at the table with other departments and agencies and the private sector, leaves a void. It means that other departments and agencies can step into that void and flex their muscle," she told FCW.

The shutdown, according to Durkovich, also weakens the work DHS has done over the last decade to build its contracting capabilities, particularly with small businesses. Contracting activities, from cybersecurity to guard-dog acquisitions, have ground to a halt at the agency.

The shutdown, she said, will be particularly hard on DHS' small business contractors. "Some won't survive." That could have a deeper, longer lasting impact on the agency's cybersecurity operations that have a significant contingent of small business contractors, she said.