Posted on Jan 30, 2019
SecurityScorecard’s threat intel team released a report on the recent US government shutdown. The shutdown of 2018 - 2019 was recorded as the longest halting of federal government operations in American history. The shutdown lasted 35 days and resulted in the temporary pause of non-critical functions and resulted in many government employees being furloughed or working with delayed wage payments. Temporary funding of regular government operations were shut down until it was recently authorized again on January 25, 2019.
During the period of cessation, it was reported by several information security firms and media outlets that the overall cybersecurity of the United States was put at risk by the shutdown. The general hypothesis being that the reduction in labor force and halting of expenditures may have resulted in critical networks going unmanaged and unmonitored. This occurrence may have been the emergence of new exploitable conditions that may be leveraged by a malicious adversary such as a state sponsored actor.
The results of our research indicate that it can be confirmed certain aspects of the US Government’s Network Security score dropped during the course of the shutdown, specifically as a result of an increase in the number of expired SSL certificates that were detected on the public internet. However, unexpected results surfaced that indicated that two important cybersecurity scores improved during the course of the shutdown - specifically, Endpoint Security and Patching Cadence.
The analytic parameters of research in the report include:
To see more results and read the full version of the report, please follow here.
Check out our list of 3 top third party risk management (TPRM) challenges, and the actions you can take to bolster your program. Learn more.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 9 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.