Even with systems shut down, functions like patching and installing key maintenance upgrades are important and could pose a challenge for skeletal teams that have been assembled to manage IT systems during a shutdown, he said.
If the shutdown were to persist through the second Tuesday of October for instance, many agencies could find themselves scrambling to install Microsoft's monthly security updates, Spafford said.
Mike Brown, vice president and general manager at security firm RSA's global public sector unit, noted that security risks to federal agencies overall should not increase dramatically as a result of the shutdown. However, the potential for agencies to make mistakes increases during times of reduced staffing.
"I would expect that most of the infrastructure would be maintained by personnel who have been designated as essential, and that planning has taken place to ensure security remains a priority," Brown said. "However, any time there is an event like this, there is the potential for mistakes to take place," Brown said. "Not only will the impact of nonessential personnel weigh on an organization, but additional issues could arise based on the overall status of personnel and priorities."
A Sept. 16 directive issued by the White House Office of Management and Budget requires federal agencies to wind down all IT activities other than "excepted" activities, including those that are essential to safety and protection of property, in the event of a government shutdown.
The directive leaves it up to agency heads to determine what systems can be kept running, but it makes clear that the only systems allowed to run will be those that directly support an exempted activity. If that system happens to be interconnected with other system, the agency has to figure out a way to keep it running without affecting the safety and security of the other systems, the directive noted.
"Given that websites represent the front-end of numerous back-end processing systems, agencies must determine whether the entire website can be shut down or components of the website will be shut down," to ensure compliance with procedures during an appropriations lapse, the OMB memo noted.
This article, Shutdown could test IT security at federal agencies, was originally published at Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at 
@jaivijayan or subscribe to Jaikumar's RSS feed 
. His e-mail address is jvijayan@computerworld.com.
See more by Jaikumar Vijayan on Computerworld.com.
Read more about Government IT in Computerworld's Government IT Topic Center.
Pilot fish is called in to fix this big photocopier, and he's told the copier keeps jamming, spreading toner spots across the pages and staining the pages with oil. But when he checks it out, nothing's wrong.
Free Insider Guide
Looking for hot technologies, abundant training, killer benefits and strong career development? Here's where you want to work. Find out more.
