23
Jan 19

How the U.S. Govt. Shutdown Harms Security

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come.

One federal agent with more than 20 years on the job told KrebsOnSecurity the shutdown “is crushing our ability to take the fight to cyber criminals.”

“The talent drain after this is finally resolved will cost us five years,” said the source, who asked to remain anonymous because he was not authorized to speak to the news media. “Literally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.”

The source said his agency can’t even get agents and analysts the higher clearances needed for sensitive cases because everyone who does the clearance processing is furloughed.

“Investigators who are eligible to retire or who simply wish to walk away from their job aren’t retiring or quitting now because they can’t even be processed out due to furlough of the organization’s human resources people,” the source said. “These are criminal investigations involving national security. It’s also a giant distraction and people aren’t as focused.”

The source’s comments echoed some of the points made in a 72-page report (PDF) released this week by the FBI Agents Association, a group that advocates on behalf of active and retired FBI special agents.

“Today we have no funds for making Confidential Human Source payments,” reads a quote from the FBIAA report, attributed to an agent in the FBI’s northeast region. “In my situation, I have two sources that support our national security cyber mission that no longer have funding. They are critical sources providing tripwires and intelligence that protect the United States against our foreign adversaries. The loss in productivity and pertinent intelligence is immeasurable.”

My federal law enforcement source mentioned his agency also was unable to pay confidential informants for their help with ongoing investigations.

“We are having the same problems like not being able to pay informants, no travel, critical case coordination meetings postponed, and no procurements to further the mission,” the source said.

The extended shutdown directly affects more than 800,000 workers, many of them furloughed or required to work without pay. Some federal employees, now missing at least two back-to-back paychecks, are having trouble keeping food on the table. CNN reports that FBI field offices across the country are opening food banks to help support special agents and staff struggling without pay.

An extended lack of pay is forcing many agents to seek side hustles and jobs, despite rules that seek to restrict such activity, according to media reports. Missing multiple paychecks also can force investigators to take on additional debt. This is potentially troublesome because excess debt down the road can lead to problems keeping one’s security clearances.

Excessive debt is a threat to clearances because it can make people more susceptible to being drawn into illegal activities or taking bribes for money, which in turn may leave them vulnerable to extortion. Indeed, this story from Clearancejobs.com observes that the shutdown may be inadvertently creating new recruiting opportunities for foreign intelligence operatives.

“If you are a hostile intelligence service human intelligence (HUMINT) targeting officer you are hoping this situation lasts a long time and has a multitude of unintended consequences affecting the cleared government employee population,” writes Christopher Burgess.

The shutdown may impact government and civilian cybersecurity efforts in other ways. As Brian Fung reported last week at The Washington Post, a rising number of federal Web sites are falling into disrepair, making it harder for Americans to access online services.

“In the past week, the number of outdated Web security certificates held by U.S. government agencies has exploded from about 80 to more than 130, according to Netcraft, an Internet security firm based in Britain,” Fung wrote.

Alex Stamos, former chief security officer at Facebook, said this creates problems for people trying to access key documents at government Web sites because the world’s dominant browser — Google Chrome — heavily discourages users from even visiting sites with expired security certificates.

But Stamos says he’s far more concerned about who’s maintaining, monitoring and safeguarding the countless Internet servers and other government online assets during the shutdown.

“What worries me more is what this indicates for the fact that there’s not standard maintenance going on,” Stamos said in this week’s episode of security journalist Patrick Gray‘s “Risky Business” podcast. “We’ve gone through a Patch Tuesday since the government shut down. Who is actually maintaining the systems, who is sitting in the SOCs [security operations centers], who’s looking at the logs? Even if you have critical cybersecurity people at NSA or Cyber Command working, there’s a lot of importance in having people show up for their jobs.”

U.S. Senate leaders are now planning to hold competing votes on Thursday in a bid to end the shutdown, but a story Wednesday in The New York Times reckons that neither measure is expected to draw the 60 votes required to advance.

“You hear [New England Patriots football coach Bill] Belichick and other coaches constantly preaching about leaving distractions outside the locker room,” said the federal law enforcement source who spoke with this author. “Can’t think of many bigger distractions like not getting paid, damaging credit scores, not being able to pay bills, and losing supplemental insurance. We just wish our national leaders would listen to another Belichick gem: ‘Do Your Job.'”

Tags: , , , , , , ,

99 comments

  1. Really nice summary, thank you Brian.

  2. Agencies should offer a financial incentive for all government employees to turn over HUMINT officers.

    If there is a financial incentive, or any incentive at all, there targeted individuals may choose to do the right thing instead of committing a crime.

    • You’re trying to treat the symptoms here instead of the cause of the illness. You’re saying “take Tylenol to bring down your fever” when priority number one needs to be “stop rolling around in feces with open wounds; it’s making you septic.”

    • While it’s a nice idea, the whole point of the current situation is that pretty much any financial incentives, including ones promised, agreed, signed into contracts and law, are revoked right now. The people to whom you could report those agents are unable to do their jobs properly because of the ongoing leadership failure.

  3. This is the small government they’ve always wanted

    • I think they want NO government. Will make it much easier for the kleptocrats and russians/chinese to take it over. Well, I guess we had a good run and it’s time for another empire-building state to hustle in. RWNJs can mitch and bone and tell the new owners that they were here first (humor.)

  4. Further evidence of Pelosi and the other crazy old-guard liberals’ desire to destroy America from the inside. They demand no fences, both literal and figurative, while carefully curating their own personal protective ensemble. I defend their right to be completely idiotic and wrong, but fight vehemently against their ideas.

    • The majority of fencing was built under the Clinton administration, but all administrations have repaired and extended fences. The goal is to use fences intelligently.

      Representative Will Hurd, who has most of the US Mexico border in his district, opposes fences in his district. Some parts are so remote that response time can be four hours. In that amount of time, “anti-fence technology” such as a shovel or rope ladder can be employed by migrants.

      The goal of the Democrats is to approach the problem in an intelligent manner, not the Trump way.

      • “The goal of the Democrats is to approach the problem in an intelligent manner, not the Trump way.”
        Does that include not supporting the strengthening and support of the southern border when it becomes politically inconvenient even though Shumer/Pelosi/Obama/Boxer et al called for it less than 10 years ago?

        • Many things change over a decade. I can buy radar for a PTZ camera for a grand. A decade ago that was nation state technology.

          Attend one of the ISC expos. Learn modern security.

          On much of the southern border, the only migrants are animals.

          I you really want immigration control, make everify mandatory and create a system to detect visa overstays.

          • Everify indeed. In some countries, hiring a person who is not legally allowed to work lands the employer in jail. No wall is needed.

        • twinmustangranchdressing

          Indeed. When some call a border barrier immoral (which is different from calling it ineffective), I can’t see how that’s not advocating for an open border.

          A plague on both their houses.

        • Tell us why Trump did nothing about this wall vote for two years when the Republicans had the House, the Senate and the President? Then Trump waited until he lost badly to pull this shutdown stunt.

          Makes you wonder if this is Trumps distraction from his Russian problems and all the cyber security issues with Russia that Trump is neglecting.

          • twinmustangranchdressing

            While the Republicans had (and have) a majority in the Senate, budget legislation (and perhaps other types of legislation) effectively requires a supermajority of 60 votes because of the possibility of a filibuster.

    • As I will defend your right to be even more idiotic in your defense of the swamp that Trump and his minions have created.

    • It’s your boy Trump that shut down the government (he said so himself) because he got yelled at by Fox News. We had a deal, including money for border security. He blew it. It’s his fault.

    • Youve got a President compromised by Russians sitting in office doing everything he can to destroy your country and youre still on about the Clintons? Get over it already. And the wall? Ask the Chinese how well walls work to keep people out. The biggest one in history and it failed miserably.

  5. what Ever money cyber Criminals steal
    that money goes to Criminals Pocket, then
    They Finance with this money new crimes.
    I guess its like terrorism.
    USA is on Panic mode.. FED Not printing Anymone new money!
    Even the Old money has to be payed Back to FED. Federal reserve.

  6. The Sunshine State

    The US government has become a huge joke , thanks to the head guy in charge.

  7. I’ve worked in the IC off and on for a number of years (my background is engineering) and it is very hard to keep talented STEM people for a number of reasons:
    1. Pay cap is $160K
    2. The promotion process is very slow and can take people years to get to six figures
    3. People are often offered 60-100% increases in salary to leave.
    4. The restrictions on an employee are annoying and extensive (financial disclosures, polygraphs, pre-approval of foreign travel)
    5. Getting anything through procurement can take 3-6 months including items costing $100 or less.
    6. While the time off is nice, the pension which was really good for a while is not so hot when you are contributing ~5% per year to it (above and beyond any 401K contributions the employee makes).
    7. Getting rid of unproductive people is excessively difficult.
    8. Getting timely training is very difficult.
    9. Numerous years of zero pay raises.
    10. Furloughs, sure you get the back pay but if someone is just starting out going w/o a pay check isn’t easy.

    And once someone leaves, the odds of them coming back are slim since the pay cut would be significant.

  8. There are a number of Drupal patches that went out last week. I’m assuming systems that have expired certs also are not getting patched.

    I mention Drupal because it is used heavily by the US government.

  9. Forward to your member of Congress. Address list: https://www.usa.gov/elected-officials

  10. Nephew 20+ yrs in USCG. Not getting paid. Resigning. He’s a senior chief and irreplaceable experience is going out the door. A former Trump/GOP supporter now cursing the fools.

    • Boo hoo, cry me a river. Having a fed/state/gov job doesn’t make you anymore entitled to receive a regular paycheck than the average Joe.

      • Yea, but having worked 200 hours now with zero compensation sure feels like old fashioned slavery. When they order you to work and don’t pay you, what is that called? They can’t fire the workers they need, so they force them to work for a promise of future compensation, just how is that fair?

        Given the IRS staffing issues, it makes me wonder how badly this tax season is gonna be hit with snafus, cheats, scams and errors.

      • That’s true. The Average Joe has far more protection; he’d be paid for his work. In fact, it’s illegal to make him work without paying him.

  11. This Trump shutdown and existentially the whole regime has been nothing but a blight on the American people and humanity in general. 2020 can’t get here soon enough.

  12. {quote}The source said his agency can’t even get agents and analysts the higher clearances needed for sensitive cases because everyone who does the clearance processing is furloughed.{/quote}

    I believe that OPM NBIB is operating as usual and at least one of their sub-contractors is running full steam ahead. Perhaps the holdup is after the background checks have completed or with the originating agency.

  13. Edgar is rolling over in his dress.

  14. I am an infosec professional and work with NIST Cybersecurity Framework quite a lot. Most documents published by NIST are unavailable since the shutdown started and it clearly interferes with my ability to complete tasks.

  15. Well, V. Putin has made a good assessment by planting his asset in the White House. Get rid of the orange moron and the problem will be solved.

  16. No wonder Trump has been proud to own this shutdown. He is doing it at the request of the President! (Putin).

  17. Trump probably doesn’t know of all this as yet another serious consequence of his shut-down and blind stubborn stupid view of “winning,” and won’t pay attention if people do try to inform him. And really wouldn’t care even if he became aware of it. As long as he thinks it doesn’t affect him personally, it doesn’t matter what it does to everyone else, and to the country (or world) in general, no matter how dire the situation. Maybe he’d calculate that if the shut-down continues, whatever the excuse, it’ll deprive Mueller’s investigative team of the resources they need to continue their work, which he fears as personal attack on him and his m.o. (however realistic, deserved, and needed that might be); so in his mind that would be worth everyone else’s suffering.

  18. I am a lowly nobody. I am just a citizen of the USA. I did not vote for Trump or Clinton. I see nothing except a pissing match between Trump and the Democrats. It is always the big guys who make the fight and always the little guys who suffer the consequences. Neither of the big guys cares about what happens to the little guys. They just want their way and that is it. Unfortunately, America is going to suffer greatly before it is all over. I am 69 years old and this is the worst condition America has ever been in. When no one is talking, then there is no government and that bodes ill for America and her people. There is so much polarization in this country, I do not expect us to last much longer. I hope I am gone before the consequences of this hatred completely wipe out what was once the greatest country in history. All I can say is God Bless Us All because we are all going to need it very soon.

  19. If Pelosi and Schumer and the dems stop whining and fund border security (including the wall) the problem is solved and the government can be back open tomorrow.

    • I wouldn’t call that solving the problem.

    • It solves the problem until the next time Trump throws a tantrum.

      Pelosi is right. This is just going to keep happening until somebody puts a check on Trump — something that Congress should have been doing for the past two years.

  20. Robert Scroggins

    Thank you Brian, for a look at the shutdown from the security side. I think all sides affected by the shutdown have similar problems.

    This is going to ultimately amount to many, many, many, many, many more dollars worth of harm in total than the much smaller amount being argued over.

    Regards,

  21. Imagine of those certificates happen to expire during the shutdown. It would make really interesting headlines.

  22. The details of how the shutdown weaken America is rather shocking.
    From an outsiders (non-US) perspective it’s absolutely incredible that the US can have a situation in which the President says he’d be proud to shut down the government he was employed to run; and then shut it down; and leave it shut down for so long; damaging America to its core.
    Doubly incredulous given that everybody, apart from the President, says a wall would be ineffective.
    I think Trump will go down (one could probably put a full stop here) in history – just not in the way that he or his family would like.

    • That’s what happens when you elect someone with the mentality of a toddler to the office of President.

  23. History shows that no matter how deep a wall’s foundations are, sufficiently determined people will always burrow deeper. The necessary civil engineering works will always commence on the Mexican side, perhaps financed by cash-rich drug traffickers and ultimately paid for by their American customers. Poor old Trump is too dim to understand that.

    • A more cost effective approach is to use a small group of officers armed with various advanced technologies to control the border. One example is to have a network of seismographic detectors, that should there be so much as a 5 ounce mole digging for insects, that a spot team will immediately bring in a drilling rig and plant a bunker busting explosive charge on either side of the disturbance. Meanwhile, seeing as most of the border is a very straight line, we can have AI monitoring autonomous .50 cal machine guns that only fire along the border, inside of designated free-fire corridors. Later, the fully mobile AI platforms can be deployed. All this will cost less than that stupid wall!

  24. When the swamp is complaining, it means something good is happening.

    I hope the shutdown causes most of the federal workforce to quit.

    There should be no FBI, no federal criminal laws, no Federal Reserve, no SEC, no USDA, no EPA, no IRS, no DOE, etc. Each one duplicates functions of state governments and could be eliminated with zero effect on the country.

    (There should also be a prohibition on federal employee unions. People working for government should not be able to lobby other government employees; it’s incestuous. A union mouthpiece commenting for this story is offensive to logic and decency).

    Our government works best when it’s divided. It forces our elected officials to eventually reach compromises. Unified government just results in unrestricted spending and waste without oversight.

    Whoever is left in the federal workforce after the shutdown is over should be reassigned to the military and border patrol. It’ll upend the swamp.

    • This is rich. I can just imagine national level investigations. This mimics a mesh network…the states would require over 1200 agreements just for interstate legal investigations. Let’s add international agreements for trade … one for each state for each country. Oh, let’s get rid of the FAA so each state has independent air control.

      Out of curiosity, if we got rid of the IRS in it’s entirety, how would the military be funded? Border control? Let me guess, the feds would bill each state. And that would come from residents’ taxes.

      • The DNC would say – we’ll just print it……… Always worked for them in the past. And when someone only has the job for a few years, they don’t care how big the debt is. (for the record I can’t stand either of the two corrupt parties that keep the US from being what it could be)

      • Re IRS, States are perfectly capable of collecting taxes to share with the feds. Many states already colect taxes on behalf of school districts and counties, which then gets distributed. The IRS is entirely redundant.

        The FAA could be eliminated. Air traffic control could be run by DOD or Homeland. Airports, aircraft, and airspace can be supervised/regulated by the states, just like they do with roads, ferries, waterways, and taxis.

        I didn’t suggest getting rid of Congress, the courts, State Department, DOJ, or DOD.

        Clearly, some parts of the federal government are necessary under the Constitution and to assist states with interstate coordination.

        But most of it could close up and we’d be fine.

  25. Some of the BTC addresses used by the scammers did receive payments indeed. At least some people got fooled and payed the scammers.

    I am always surprised when I see people fall for such obvious scams.

  26. I see only Brian mentioned, the big one, how the lack of pay, affects ones security clearance. You fall behind on a payment, you security clearance is suspect now. As in how are you surviving, getting a check from Russia or China? Or lapsing your overwatch of Verizon? Or a banking system?
    Of those, security personnel will have even more on their plate, to reclear the backup, and reclear the employees.

    • A couple other politicians and union officials made the same point during this week. They make the same alarmist comments every time there is a shutdown.

      National security, security clearance, blah blah blah.

      The average federal employee annual salary ranges from $40,000 to $80,000 (depending on the location of their job). That’s almost 140% more than private sector workers.

      Any of them that can’t manage to be without income for a month or two are irresponsible with personal finances (they spend too much, save too little) and do not deserve security clearance.

  27. The only thing I see wrong with the shutdown is the most corrupt parts (senate and congress) are still getting paid, and still not doing their job.
    Just about the only thing that could bring this country together and bring back respect and trust of our government, would be the arrest and jailing of the entrenched criminal elements. Especially all private sectors that make bribes.

    • They’re doing their job by expressing disagreement and trying to get the best possible deal for the folks who elected them.

      It’s far more ugly to have a government in which all sides are in constant agreement to spend our money without criticism or oversight.

  28. “The goal of the Democrats is to approach the problem in an intelligent manner, not the Trump way.”

    Israel’s southern and west bank barriers are working quite well, thank you, if their goal in building them was to protect their border and those inside it.

    The goal of the Dems in refusing to provide Trump with an amount that is 0.13% of the federal budget is simply to get Trump to have his George HW Bush “read my lips, no news taxes” moment by going back on a major campaign promise at which point they will hound him with that in the 2020 campaign, assuming he’s even part of that, just as they did with GHW Bush.

    Also, according to Pew Research, not exactly a “conservative” organization, 70-80% of immigrants from the 3rd World vote left regardless of their educational level or economic status. What began a 3rd World LEGAL immigration flood along with chain migration where the population of entire villages has moved to the US?

    ——–

    Dec. 4, 2001
    Analysis: JFK’s immigration legacy
    Patrick Reddy, UPI

    Now, 38 years after of John F. Kennedy’s assassination, it is apparent the Kennedys have a substantive legacy that is much more important: The 1965 Immigration Reform Act promoted by President Kennedy, drafted by Attorney General Robert Kennedy and pushed through the Senate by Ted Kennedy has resulted in a wave of immigration from the Third World that should shift the nation in a more liberal direction within a generation. It will go down as the Kennedy’s family greatest gift to the Democratic Party.

    ——–

    So, there’s why the Dems “love” 3rd World immigrants. US citizens won’t vote for you in adequate numbers? Import some that will.

    So, why don’t the Reps do something? Simple, because the Chamber of Commerce wants cheap, hard working laborers who can’t complain about work conditions and whose supplemental support in the form of food, medical care, and education is paid for by taxpayers. The Reps, most of them being properly described as RINOs (Republicans in Name Only), are the mostly phony opposition party owned by most of the same concerns who own the Dems. Their common owners fund their campaigns, the electorate serving merely as the “useful idiots” who keep coming back again and again to “legitimize” the rule of posers, those voters brought to the polls again and again by a few hot button issues like abortion and guns to vote for the “lesser of two evils”, continuing to vote for “their side” regardless of whether or not campaign promises are ever met.

    Testing Theories of American Politics: Elites, Interest Groups, and Average Citizens
    Princeton Universiyt, 2014

    ABSTRACT:

    Each of four theoretical traditions in the study of American politics—which can be characterized as theories of Majoritarian Electoral Democracy, Economic-Elite Domination, and two types of interest-group pluralism, Majoritarian Pluralism and Biased Pluralism—offers different predictions about which sets of actors have how much influence over public policy: average citizens; economic elites; and organized interest groups, mass-based or business-oriented.

    A great deal of empirical research speaks to the policy influence of one or another set of actors, but until recently it has not been possible to test these contrasting theoretical predictions against each other within a single statistical model. We report on an effort to do so, using a unique data set that includes measures of the key variables for 1,779 policy issues.

    Multivariate analysis indicates that economic elites and organized groups representing business interests have substantial independent impacts on U.S. government policy, while average citizens and mass-based interest groups have little or no independent influence. The results provide substantial support for theories of Economic-Elite Domination and for theories of Biased Pluralism, but not for theories of Majoritarian Electoral Democracy or Majoritarian Pluralism.

  29. Does anyone happen to know what’s happening at all of the gun shops in the US? Are background checks for firearm purchases still being processed? Are those checks being processed at a lower level of quality? Or has this effectively shutdown the nations weapons industry?

  30. Appreciate the shout out Brian.
    The problem isn’t linear, it is exponential. There will be a point reached where individuals are in placed in the position of making impossibly hard decisions due to lack of financial solvency.
    CB