I won’t get into the politics of the current US government shutdown. Last week on the Gestalt IT Rundown, Ken Nalbone and I discussed some of the security implications. This was based on the fact that over 80 TLS certificates were not removed, making it difficult to log into sites with proper security, especially on Chrome.
Brian Krebs does his usual excellent job breaking down a lot of the implications. One of the things that I hadn’t thought about was the effect on future recruitment efforts, and retaining security talent. Krebs has spoken to sources who have said that people are trying to retire or move to the private sector as fast as they can. This has been delayed though since there are no human resource personnel to process these requests. Even people that want to stay can’t get the security clearances they need.
This grinds to a halt a lot of ongoing investigations. To say nothing of the fact that everyone now knows that government agencies have no one at the helm and systems are going unpatched.
The piece goes into great detail on all of this. By some estimates, this puts security efforts by the US government back by five years or more.
Source: Krebs on Security
