Jared Serbu There’s obviously a lot of gaps that have been temporarily created by the shutdown, but let’s talk specifically about cybersecurity. What concerns you most based on what we know about, for example, who’s been furloughed at the moment?
Justin Miller Well, cybersecurity isn’t something that you can pause. Adversaries don’t take days off and during a shutdown, critical cyber defenders are furloughed, patching stops, threat monitoring slows. Attackers know exactly when we’re vulnerable, and that’s when our government’s not working. And the shutdown goes beyond a budget issue. It’s a national security risk when we don’t have our strongest cyber warriors and operational personnel monitoring those systems that secure our networks, our water systems, our critical systems on a daily basis.
Jared Serbu Based on previous shutdowns and, I don’t know, similar events where it is widely known that there’s a diminished capacity in the federal government, how do adversaries tend to respond to that? Have we seen an increase in threat activity or specific ways in which they might change their TTPs and the way they approach a particular target in the government?
Justin Miller Yeah, I think when you look at cybersecurity, you understand that it’s a matter of people, processes and technology. And when we look at bringing in our adversaries and how they’re going to try to attack us or look for vulnerabilities in our networks, it starts with reconnaissance. And if you don’t have that technician or the cyber practitioner in the chair monitoring those systems, you can’t defend a network with an empty chair. And that reconnaissance starts, in some ways, a passive reconnaissance in that they try to glean information about individuals within our government who run our government. And if those individuals, if they can see, aren’t managing their operational capacity appropriately and they’re identified as a weak link, you’re going to start seeing phishing emails, all sorts of attempts to try to get them to mismanage what they’re in charge of and create an operational weak link. And it’s not so much that we see it in real time, it’s that there’s a lot of noise ahead of time, where we know that they’re in the telecommunication systems. We know that there are certain rogue events that are occurring in, just recently, in New York, previously in Mission, Texas. Those are the things that are telling us that our adversaries, in some cases, are within our networks. That’s kind of them just kind of rattling the cages. And then when we have these shutdowns, that’s the perfect time to be able to exploit your access, to see if your access is actually actionable. Because cyber criminal actors, cyber espionage actors, they’re looking for information and access to it. And when we don’t have the right people sitting in those chairs, or people who understand cybersecurity, that access becomes available to them through either an access or just the information itself. And we’re not seeing that they’re there in a sense that we would if we had enough people continuing to work in our secure operations centers.
Jared Serbu And of course, one of the ways those threat actors would love to be able to gain information is by recruiting an insider. What do we know or what concerns you about the extent to which a government shutdown, hundreds of thousands of people not being paid, increases the possibility that someone might be able to be recruited for that kind of thing?
Justin Miller Yeah, because in cyber it’s people, processes and technology, and humans are the weakest link, and that shutdown makes it worse. Cause we’ve got employees who maybe aren’t 100% focused. Whether they’re worried about paychecks and how they’re going to pay their bills and are they having to expend more of their own funds to show up because they’re considered essential and maybe they’re not getting paid. But that shutdown amplifies that insider risk, that there’s almost a level of desperation or financial stress. And when you start stressing your workforce, you’re going to get instant morale problems. I think if you see a shutdown, it’s a morale killer, and your mental bandwidth goes away from your action and objectives at your assigned job because you’re distracted. You’re not looking at probably your screen well enough or monitoring your systems well enough when you’re worried about whether or not you’ve got enough money in the bank to pay your mortgage, to provide food for your family. And the adversaries know that and they exploit that distraction. So it doesn’t matter how robust your cybersecurity process is. If you’re distracted, with people, people are the weak link to the system, to the network. And if you’re not mentally strong, if you’re not physically strong, because you’re constantly in anxiety and worry over your financial situation, you start making potentially bad decisions. And some of those bad decisions could lead to being exploited by rogue actors and maybe making a financial decision that probably wasn’t the best for you. Again, information and access to it are what our rogue actors are looking for. And if you’re not paying those critical personnel who have that, maybe they slip and provide that through other means. And maybe that’s a rogue actor paying them, and access is now given to something that we probably could have avoided if we didn’t have a shutdown.
Jared Serbu One thing that I think has changed at least a little bit, and this is hard to quantify, changed a little bit since the last long-term shutdown is some rise of automation and AI-assisted techniques in defending federal networks as that technology has become more and more mature. I wonder if you have a take on how much comfort we should take from that, that those things are continuing to run in the background even if not all the people are there.
Justin Miller Well, that’s the thing, is if AI is running in the background, you want to make sure that the person who is there monitoring it, there’s checks and balances. And oddly enough, I’m sure, I would almost bet, that the one person who understands how to infer, identify artifacts that would need further investigation to determine risk has probably been furloughed. And you don’t really know the skillset or the level of the individual who’s now in charge of monitoring any AI operations. But the key point there is everybody’s scared of AI right now. And in some ways, rightly so, but it’s the policy and governance over that system that matters. And you’ve got to have a human there to be able to interpret the actions of that AI. And again, when we have a government shutdown, we’re not really saving money. We’re shifting risk and we’re shifting operational capacity for, I don’t know, I’m hard-pressed to see the game in that. It’s just really, it’s hard to reboot trust. When defenders leave, knowledge leaves, and we don’t know whoever’s monitoring that AI has the true capacity to do that job. They’re probably, they were assigned to probably a different role and got reassigned to the AI role. And now they’re doing three or four different roles to cover the gaps. And again, attention is not probably best focused.
Jared Serbu In our last couple of minutes here, I wonder if there’s aspects of this where we may not see the damage for a couple of years. I mean, does the government’s reduced defensive posture make it easier for things like an adversary to do something like gain access to a network, maybe harvest a bunch of data without our knowledge, and then do something with it a couple years from now and that’s when we find out about it?
Justin Miller Yeah, absolutely. That’s just, that’s the common core with, I think back to the OPM breach. You’ve got a rogue nation who’s breached our governmental processes to understand who our government employees are, and they’re just going to silently monitor that. There’s your reconnaissance right there. They’re going to continue just to watch and wait for an opportunity and use it when they decide that they have the advantage and when that access can be advantaged. So it’ll be hard-pressed, but you’ll definitely see rogue entities waiting for a specific time and a place that they think it would be advantageous to them to launch that, and whether they’re, whether rogue nations are paying individual cyber criminals to attack networks and gain that access, or they have their own institutional knowledge to do that, a government shutdown presents a perfect opportunity to deploy actions that we’re probably going to miss. And that might give them the perfect opportunity, if they have access that we’ve missed, to upload things and put things into our national infrastructure for a later time of their choosing. And it’s kind of scary to think that that capacity is out there. And I hate the term politics. People say, well, it’s politics. Well, politics in this case is affecting everyone’s lives. And it starts with cybersecurity, because those are going to be the connections to the critical infrastructure of our government, of our operational capabilities. And you may think you live in small town New Mexico where you’re not a national security concern, but when the bad guys are in your water system and they take it offline, and now when they launch that attack and they take your water out all over the United States, now you’re a national security concern because it’s creating an imbalance across the entire United States that requires assets to fix. And that’s what we’re missing.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
