The federal government’s cybersecurity operations would be significantly diminished in the event of a government shutdown, with particular risk to continuity of operations and new-start programs critical to defending against emerging cyberattacks, multiple cybersecurity industry executives said Tuesday.
Top cyber executives from CrowdStrike, CGI Federal, Armis and Intrusion said there would be “major impacts and delays” to key government cyber projects if the government is unable to pass annual appropriations bills or reach a continuing resolution, resulting in a shutdown, which is a realistic possibility according to some political experts.
“Having done this for many years I’ve lived through a couple of government shutdowns and the impacts I think really day-to-day operationally are ones of continuity and resource availability,” Stephen Zakowicz, vice president of CGI Federal, said during a House Homeland Security Cybersecurity and Infrastructure Protection Subcommittee hearing. “So what are we able to do and make progress on? And ultimately what trade-offs are cyber agencies making when they’re facing questions of what resources they have left and how are they going to keep the doors open?”
Another cyber executive testifying Tuesday, Brian Gumbel, president of cyber intelligence platform company Armis, said that “this shutdown will obviously cause delays and some cyber projects will come to a halt. The longer we delay the longer our adversaries will have a chance to get in front of us. So delays are just terrible for this nation and it’s going to cause some major impact.”
While a continuing resolution would keep the government open and operating, some cybersecurity executives highlighted that without the full funding of annual appropriations, the government would be unable to move forward with new, innovative government cybersecurity programs, leaving big gaps in the government’s defense systems.
“The thing that hits you the hardest is the new initiatives just get stopped completely and we need a lot of innovation in cyberspace. So y’all need a way to fund during a CR especially new programs and reactive reach responses and that’s sadly lacking across the table,” said Joe Head, the chief technology officer at cybersecurity company Intrusion.
“You can’t start a new effort under a CR but you can continue an old one. And this is all new, it’s new every day with a new breach, a new zero-day, a new attack,” Head added.
During the hearing, Rep. Rob Menendez, D-N.J., asked the cyber executives about the potential negative effects and ramifications on the ability of CISA to innovate and match the current threat environment if a year-long CR that locks in last year’s spending limits is passed.
“We need to obviously match what CISA is doing in order to progress some of the changes in the systems that we’re looking to put forth, so I think it’s a big concern,” said Gumbel from Armis.