The looming risk of a shutdown of the federal government is raising alarms within the cybersecurity community, with no easy solution to the political impasse in sight.

Earlier this week, Deputy Attorney General Lisa Monaco warned a government shutdown would raise cybersecurity risks.

In addition to government furloughs that would impact cybersecurity staffing levels, there is a potentially more ominous risk brought about by the dislocation of thousands of workers, who may be justifiably disgruntled or under serious financial duress.

Max Shier, CISO at Optiv, added that unintentional insider threat issues can include employees who are creating shortcuts or bypassing security controls to make their jobs easier since they are covering for those who are furloughed.

“They are also more susceptible to phishing attacks as they may be looking for other jobs or opportunities to make money,” he said. “All these risks grow over time if a shutdown continues.”

He pointed out that during the last shutdown in 2018, there were dozens of government websites on which web certificates failed to be renewed, which led to the sites becoming inaccessible or insecure.

“As a critical government cybersecurity worker myself in 2013, still working during the shutdown, I personally saw an uptick in security incidents due to stressed out and overworked employees taking shortcuts or not paying attention,” Shier recalled.

Landen Brown, federal CTO at Symmetry Systems, agreed that, in addition to the important cybersecurity defense-related jobs and roles that the looming government shutdown could impact, the shutdown would place a variety of other government employees under immense emotional and financial stress.

“This makes them more vulnerable to ongoing bribery and corruption attempts,” he said. “Government employees often have access to vast amounts of sensitive data, making them attractive targets for foreign and criminal actors.”

He added that the growth in “access brokers” who seek to bribe or coerce employees into providing help to circumvent accent control is compounding this risk, as they seek to take advantage of any weaknesses in our defenses, including the personnel themselves.

“To address these challenges, it is crucial to have a well-established and maintained data inventory and classification system to ensure that sensitive information remains restricted to authorized personnel, adhering to the principle of least privilege,” he explained.

This approach minimizes the potential for increased insider threats due to disgruntled employees or financial stress.

“Additionally, continuous data monitoring is paramount to alert on any anomalous behavior, enabling swift response and mitigation,” Brown noted.

Shier says there are several things agencies and their cybersecurity teams can do to ensure they are prepared during a shutdown.

“Educate and remind workers that they will see an increase in targeted phishing or LinkedIn campaigns during this time and to report any suspected phishing attempts, attempts to solicit data, or offers for work or speaking engagements, especially from foreign nationals,” he said.

They should also ensure appropriate security controls are in place for DLP to detect and prevent any attempted data exfiltration and closely monitor privileged users, such as system administrators, for any anomalous behavior or attempts to circumvent security controls.

Eyal Benishti, CEO of Ironscales, added that a government shutdown would essentially broadcast to the cybercriminals of the world—and nation-state actors in particular—that the government’s guard is down.

“The moment that deadline is passed and our normal day-to-day operations are thrown into disarray you can be certain there will be a crush of malicious actors at the proverbial gates looking to capitalize on the chaos,” he warned.

From his perspective, cybersecurity is ultimately just as much about maintenance and upkeep as it is about planning and remediation.

“Staying vigilant, which can only be done when people are actually on the job, is essential to organizational security,” he said. “That’s why some of the biggest concerns around a shutdown are largely matters of housekeeping.”

These include delays in necessary software updates and security patching, disruptions in the supply chain for security services, hampered incident response and unfulfilled IT and security tickets piling up.

“Plus, we’d almost certainly see an increase in the overall volume of attacks—including phishing and social engineering—as threat actors try to capitalize on the temporary state of disarray,” Benishti said.