The government shutdown caused by the bitter budget standoff over United States President Barack Obama’s health care law will put to test the ability of federal agencies to protect their IT systems against security threats. How U.S. government IT departments handle the next few days could serve as valuable case study for IT organizations in Canada.
An estimated 800,000 federal workers were furloughed today and more than 1 million others were asked to work without pay. The importance of contingency plans and business continuity plans could not be stressed enough.
Agencies were ordered shortly before midnight Monday to execute plans for an orderly shutdown “due to the absence of appropriations” since Congress failed to act to keep the federal government funded.
Some agencies have released emergency plans indicating how they intend to scale down IT teams and services in order to maintain and protect their IT infrastructures as the rest of their organization’s workforce are ordered not to come in for work.
Here are some issues that might be worth taking in for Canadian federal IT organizations.
Contingency plans for federal agencies should be adequate for a few days but not for a long stretch, according to Eugene Spafford, executive director of the Centre for Education and Research in Information Assurance and Security at the Purdue University.
He said even with a systems shut down, functions like patching and installing key maintenance upgrades are vital and could become a challenge for a skeleton crew.
For instance, if the shutdown were to stretch until next Tuesday, Spafford said, many agencies would be scrambling to install Microsoft Corp’s. monthly security updates.
Agencies should also consider whether they should shut down completely their Web sites or just shut down components of it.
If their systems are interconnected with other systems, CIOs for federal agencies should determine a way of keeping them running without affecting the security of other systems.
While the shutdown might not dramatically increase security risk, the potential for agencies to make a mistake increase during times of reduced staffing, said Mike Brown, vice-president for global public sector unit of security firm RSA Security LLC.
Here’s a snapshot of what some federal organizations are handling staffing issues.
The U.S. Department of Veterans Affairs for example has plans to furlough 40 per cent or 3,267 of its 8,026 IT employees. The remaining staff will be responsible for tasks such as network maintenance and protection, information security and keeping the data centre running.
The Federal Trade Commission exempted a total of six workers from the taking furlough. The six will make sure of the availability and integrity of the agency’s IT infrastructure as well as direct support of the agency’s network and telecommunications services, operating the FTC’s data centre, rotating backup media for offsite store and providing on-site database administration support.
The Social Security Administration will leave 10 per cent or 310 of its 3,187 IT employees to handle infrastructure and program support. The Department of Housing and Urban Development has asked 349 of its 8,709 administrative and management staff to work through the shutdown. That includes 13 IT workers out of the departments 244 IT staff.
Many CIOs will likely have their security and network analysts deemed “essential” in order to have them available on a “heightened state of awareness” said Karen Evans former de facto federal CIO for the George W. Bush administration.