With a federal shutdown, local governments face a growing cyber threat landscape, as fewer federal experts are available to call on for help. State and local governments must stay prepared to defend their systems as bad actors exploit uncertainty and stretched resources.
As the federal government shutdown continues, cybersecurity experts warn that local agencies may face a surge in sophisticated phishing and ransomware attacks. With reduced federal support, counties may need to be prepared to rely on limited resources, as well as state or private partners, to defend against and recover from potential breaches.
In a recent article from Government Technology, bad actors are likely to exploit uncertainty and funding gaps. From the article:
Threat actors wait for this, and then they pounce immediately. I wouldn’t be surprised if they have these pre-prepped so the day the shutdown happened these email, spam and phishing campaigns started going out, said Brandon Potter, chief technology officer for cybersecurity services firm ProCircular.
Federal capacity to assist with cyber threats is significantly limited, as roughly 65 percent of the Cybersecurity and Infrastructure Security Agency (CISA) workforce is currently furloughed. That means fewer federal experts are available to support ongoing cyber defense, coordinate with local partners, or approve federally funded resilience projects.
From the article:
You have to move forward and assume that help will be non-existent or delayed for whichever time period the shutdown is going to happen, said Brandon Potter, chief technology officer for cybersecurity services firm ProCircular.
Local IT leaders are encouraged to revisit their incident response plans and strengthen coordination with state and local partners to ensure readiness in the event of an attack. State and local governments should also refresh employee training so staff can better recognize phishing attempts that exploit themes related to the shutdown or political tensions. In addition, increasing identity monitoring and maintaining clear communication within departments can help quickly identify and address potential threats.
With many federal cybersecurity staff unavailable and critical project approvals on pause, state and local governments must be prepared to act quickly and independently to safeguard systems and data.
