SecurityScorecard Releases Cybersecurity Impact & Risk Analysis Report of US Government Shutdown

By Jeff Aldorisio

Posted on Jan 30, 2019

SecurityScorecard’s threat intel team released a report on the recent US government shutdown. The shutdown of 2018 - 2019 was recorded as the longest halting of federal government operations in American history. The shutdown lasted 35 days and resulted in the temporary pause of non-critical functions and resulted in many government employees being furloughed or working with delayed wage payments. Temporary funding of regular government operations were shut down until it was recently authorized again on January 25, 2019.

During the period of cessation, it was reported by several information security firms and media outlets that the overall cybersecurity of the United States was put at risk by the shutdown. The general hypothesis being that the reduction in labor force and halting of expenditures may have resulted in critical networks going unmanaged and unmonitored. This occurrence may have been the emergence of new exploitable conditions that may be leveraged by a malicious adversary such as a state sponsored actor.

The results of our research indicate that it can be confirmed certain aspects of the US Government’s Network Security score dropped during the course of the shutdown, specifically as a result of an increase in the number of expired SSL certificates that were detected on the public internet. However, unexpected results surfaced that indicated that two important cybersecurity scores improved during the course of the shutdown - specifically, Endpoint Security and Patching Cadence.

The analytic parameters of research in the report include:

  • 128 Federal Government agencies were selected for analysis
  • Scores are represented as percentages on a scale of 100, and map to letter grades of A-F in the same format as the academic grading system.
  • Researchers selected the three (3) risk issue categories that showed the most change:
    • Network Security - Measurement of detected open ports, SSL certificate issues
    • Patching Cadence - Measurement of software updates and patching frequency
    • Endpoint Security - Measurement of identified vulnerabilities in operating systems and web browser versions of end user devices (workstation and mobile)

To see more results and read the full version of the report, please follow here.

Security Research in your Inbox

Thanks for siging up for the newsletter!

No waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.

Get Your Free Score

Get In Touch

Thank you for contacting us!