As the US inches toward a full month of a government shutdown, concerns over the impact on national security and cybersecurity continue to mount, and according to security experts from Juniper Networks, Untangle and Vectra, the shutdown may affect government IT recruiting and hiring.
With the skills gap being one of the hurdles every company must clear in order to mature in their overall cybersecurity posture, most organizations are trying to get more creative when it comes to recruitment. The government, though, is in its 25th day of a shutdown.
“The biggest impact of the shutdown, in my opinion, is that furloughing cybersecurity analysts creates a vulnerability for government networks. As we all know, the top problem in security today is the shortage of trained cybersecurity professionals, and the cybersecurity skills shortage was already getting worse in 2018 with millions of unfilled cybersecurity jobs,” said Nick Bilogorskiy, cybersecurity strategist at Juniper Networks.
The problem is exacerbated because some staff are furloughed with the shutdown As was reported by Infosecurity last week, attackers can potentially intensify their activity and exploit security gaps and vulnerabilities resulting from the shutdown. When considering the long-term ramifications, Bilogorskiy said it’s likely that the government will lose valuable cybersecurity talent to the private sector.
“During prior shutdowns, recruiting and hiring efforts have certainly been impacted, as these are not typically considered essential functions,” said Dave Mihelcic, federal chief technology and strategy officer for Juniper Networks and former chief technology officer of Defense Information Systems Agency (DISA).
“Perhaps the more significant challenge posed by these shutdowns was the lasting impressions they made on young IT professionals," Mihelcic continued. "Undoubtedly IT job seekers had a more negative view of federal employment due to the shutdown. Likewise the most talented IT professionals in federal service were left with lasting questions about their future that would cause some to seek outside opportunities.”
The problem isn't limited in scope, either. Yes, expired certificates are a problem, but collaboration between the public and private sector is critical to strong cyber-defense. "With only a skeleton crew at the helm, data sharing and rapid response can fall by the wayside, leaving our nation vulnerable to cyber threats and attacks. The longer the shutdown continues, the more opportunity there is for both private and state-sponsored attackers to take advantage of any possible lapses in oversight,” said Heather Paunet, vice president of product management at Untangle.
Government agencies have often lost potential talent to the salary battle with private industry, but the biggest concern of the government shutdown is that this type of instability would hamper the federal government’s ability to attract and retain good cybersecurity talent, according to Chris Morales, head of security analytics at Vectra.
"With the number of available roles in the private sector that pay with much more lucrative salaries and benefits, it’s going to just get harder for government agencies to compete. If anyone is in need of more automation and efficiency in security operations processes, it will be these federal agencies.”