Shutdown could test IT security at federal agencies
Even with systems shut down, functions like patching and installing key maintenance upgrades are important and could pose a challenge for skeletal teams that have been assembled to manage IT systems during a shutdown, he said.
If the shutdown were to persist through the second Tuesday of October for instance, many agencies could find themselves scrambling to install Microsoft's monthly security updates, Spafford said.
Mike Brown, vice president and general manager at security firm RSA's global public sector unit, noted that security risks to federal agencies overall should not increase dramatically as a result of the shutdown. However, the potential for agencies to make mistakes increases during times of reduced staffing.
"I would expect that most of the infrastructure would be maintained by personnel who have been designated as essential, and that planning has taken place to ensure security remains a priority," Brown said. "However, any time there is an event like this, there is the potential for mistakes to take place," Brown said. "Not only will the impact of nonessential personnel weigh on an organization, but additional issues could arise based on the overall status of personnel and priorities."
A Sept. 16 directive issued by the White House Office of Management and Budget requires federal agencies to wind down all IT activities other than "excepted" activities, including those that are essential to safety and protection of property, in the event of a government shutdown.
The directive leaves it up to agency heads to determine what systems can be kept running, but it makes clear that the only systems allowed to run will be those that directly support an exempted activity. If that system happens to be interconnected with other system, the agency has to figure out a way to keep it running without affecting the safety and security of the other systems, the directive noted.
"Given that websites represent the front-end of numerous back-end processing systems, agencies must determine whether the entire website can be shut down or components of the website will be shut down," to ensure compliance with procedures during an appropriations lapse, the OMB memo noted.
This article, Shutdown could test IT security at federal agencies, was originally published at Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at
@jaivijayan or subscribe to Jaikumar's RSS feed
. His e-mail address is jvijayan@computerworld.com.
See more by Jaikumar Vijayan on Computerworld.com.
Read more about Government IT in Computerworld's Government IT Topic Center.
- iOS 7 Must Know Tips and Tricks
- Apple iPhone 5S vs. Nokia Lumia 1020: Which Camera is Better?
- How Tech Companies Can Succeed by Going Private
- CIOs Share How They Made the Leap to CEO
- Slideshow: 7 ways users drive IT support crazy
- How to spot a phishing email
- Social engineering: The basics
- 20 security and privacy apps for Android and iPhone
Pilot fish is called in to fix this big photocopier, and he's told the copier keeps jamming, spreading toner spots across the pages and staining the pages with oil. But when he checks it out, nothing's wrong.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Data Analytics: The Prescription for High Health Care Costs
- As health care costs increase, the amount of money government pays out for Medicare and Medicaid also increases.
- The Need for Self-Service Data Tools, Not Scientists
- Data science is one of today's hottest fields and one that is rife with competition.
- Top Five Things You Need to Know about Backup Transformation and VMware
- Not all backup architectures are created equal; some are inherently smarter. Important considerations include scale, efficiency and ease of use of the disk...
- Save Time and Money with Savvy Use of Flash in Automated Storage Tiering
- Designing a storage environment to scale for both capacity and performance used to be somewhat mutually exclusive. Armed with new discoveries on data...
- Leveraging EMC VSPEX for Rapid ROI
- ESG analyzes VSPEX and its impact on three customers - through interviews and quantitative research. Findings report that VSPEX provides a flexible solution... All Government IT White Papers
- Accelerate Your Journey to the Cloud with EMC VSPEX Proven Infrastructure Watch to discover why EMC VSPEX offers the simplicity, efficiency, and flexibility for organizations to scale as their businesses grow.
- Move Beyond Point Solutions to Enterprise Mobility Management Mobile Minute: Moving to enterprise mobility management.
- Secure Mobile Email Users Will Love Maintain full control over sensitive corporate data
- Securing Mobile Devices with Citrix XenMobile MDM In this video, Chief Demo Officer, Brad Peterson provides a demo of how Citrix XenMobile MDM works.
- IBM Delivers Innovation On New x86 Systems and Solutions You need an IT infrastructure that provides scalability, performance and efficiency tailored to the specific goals of your business. Join us for this...
- All Government IT Webcasts
Looking for hot technologies, abundant training, killer benefits and strong career development? Here's where you want to work. Find out more.

