A government shutdown would not only cause a reduction in available staff, there would also likely be a temporary shutdown of some IT systems, creating a crisis of prioritization and the possibility that federal cyber security may suffer.
Regardless of well established contingency plans each federal agency maintains, the simple fact that there will be fewer government employees at their posts inherently means there will be an increased level of vulnerability to federal networks.
"Because there are not enough people watching as there was before, the risk profile will be higher if there's a government shutdown," said the national director of U.S. Cyberchallenge, Karen Evans.
The white House estimates that more than three-quarters of a million federal workers may be off the job if Congress fails to pass funding legislation by midnight Friday, but there are no official estimates of how many information networks may also be affected by a partial government shutdown.
According to GovInfoSecurity, both the Office of Management and Budget and the Department of Homeland Security refused the opportunity to comment directly on the possible impact a shutdown might have on federal cyber security.
The DHS did however issue an optimistic statement earlier this week regarding the likelihood there will even be a shutdown, and reitterated the fact that there are contingency plans for such an event in place.
"As a matter of course, DHS plans for contingencies. In fact, since 1980, all agencies and departments have had to have a plan in case of a government shutdown, and these plans are updated routinely. All of this is beside the point since, as the bipartisan congressional leadership has said on a number of occasions and as the president has made clear, no one anticipates or wants a government shutdown," the DHS stated.
Others familiar with the possible effect a shutdown may have on federal cyber security were not as optimistic, such as former Interior Department Chief Information Officer W. Hord Tipton, currently the executive director of the IT certification and education organization (ISC)2.
"When we put ourselves in state of chaos like this, and this is what it will be, think of the opportunities for striking through the APTs (advanced persistent threats), they can pick and choose the targets with much less security behind them," said Tipton.