Dan Munro - Dev-Sec-Ops Engineer

Cracks Forming In US Cyber Security

A few important things are happening right now as a direct consequence of the ongoing government shutdown. And the longer the shutdown continues, the more damage will accumulate. Some damage may end up being irreversible by the time a spending bill is passed, the government is reopened, and agencies begin staffing up again.

How many staff will ultimately return? And how many have lost faith in government? How many furloughed employees have been “interviewed” unwittingly by foreign agents while looking for temporary work? It’s not as far-fetched as it seems.

Reminder: every day that people with a security clearance remain without a paycheck is another day that foreign intelligence assets will refer to the US as a "target rich environment"

— Jake Williams (@MalwareJake) January 9, 2019

Website Rot

Currently, more than 80 TLS certificates have expired. Some websites are completely inaccessible. Websites with expired certificates that also have misconfigured HSTS are still available; however, browsers are now displaying a warning about the content of the site. All data transmission between client and server is unencrypted and susceptible to MITM attacks.
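The split described above, between expired-certificate sites that become unreachable and those that only show a warning, can be triaged from a site inventory as in this added example (not part of the original post). The hostnames, dates and headers are constructed, and it assumes the recorded HSTS header was cached by browsers while the certificate was still valid.

```python
import ssl
from datetime import datetime, timezone

def parse_hsts(header):
    """Return max-age (seconds) for a usable Strict-Transport-Security header, else None."""
    seen = {}
    for part in (header or "").split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:  # RFC 6797: a repeated directive invalidates the header
            return None
        seen[name] = value.strip().strip('"')
    max_age = seen.get("max-age", "")
    # Missing or malformed max-age is invalid; max-age=0 tells the browser to drop the policy.
    if not (max_age.isascii() and max_age.isdigit()) or int(max_age) == 0:
        return None
    return int(max_age)

def classify(not_after, hsts_header, now):
    """Predict what a returning browser shows for this certificate/HSTS combination."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    if now < expires:
        return "valid"
    # Assumption: the browser cached this header before the certificate expired.
    if parse_hsts(hsts_header) is not None:
        return "expired: hard fail"      # HSTS forbids click-through, site is unreachable
    return "expired: click-through"      # warning can be bypassed, so users are exposed to MITM

def triage(inventory, now):
    """Map each host to its predicted status."""
    return {host: classify(not_after, hsts, now) for host, not_after, hsts in inventory}

# Constructed inventory: (host, certificate notAfter, last HSTS header served).
SAMPLE = [
    ("portal.agency.example", "Dec 17 12:00:00 2018 GMT", "max-age=31536000; includeSubDomains"),
    ("forms.agency.example", "Jan  5 09:34:43 2019 GMT", "max-age=0"),
    ("data.agency.example", "Jan  2 00:00:00 2019 GMT", "max-age=31536000, includeSubDomains"),
    ("www.agency.example", "Aug 30 23:59:59 2019 GMT", None),
]
NOW = datetime(2019, 1, 11, tzinfo=timezone.utc)  # date of the post

if __name__ == "__main__":
    for host, status in triage(SAMPLE, NOW).items():
        print(f"{host:24} {status}")
```

Hosts reported as click-through are the ones to renew first, since visitors who accept the warning have no assurance of who they are talking to.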

Websites are not actively being managed, with many of the support staff furloughed. If a compromise happens, it will go undetected while the attackers entrench, spread, and exfiltrate sensitive data.

Departments Shuttered

The National Institute of Standards and Technology has been reduced to 49 employees from roughly 3,000.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has an estimated 43% of employees furloughed – over 1,500 staff.

These furloughs have very real short-term and long-term security consequences.

Written on Jan 11, 2019.