Cloud computing, integrated servers and virtualization have made it harder for agencies to figure out exactly how to handle IT operations in the event of a government shutdown.
Mark Forman, who served in the first federal chief information officer role as the administrator of e-government and IT, has seen this song and dance before, but says this time it will be a different ball game, especially when it comes to securing the federal IT infrastructure.
“There’s a critical security aspect of this that people need to keep in mind,” he said. “Even though you’re not managing or using that application, if it’s reachable by the Internet, it needs to be monitored and protected. Because of the nature of the networks and virtualization of these data centers, even if the application isn’t being run, if it’s accessible via the network, the security needs to be maintained.”
Continuous monitoring, he said, is something agency leaders cannot overlook when dealing with a possible shutdown. More so than in past years, cybersecurity has become an integral part of agency IT operations and a shutdown would create an ideal opportunity for malicious cyber-attackers.
“The threat environment is constantly evolving and changing,” Forman said. “You diverge in your ability to protect against threats every day if it’s not being managed.”
Much of the infrastructure will continue to run, but will not be managed as many IT functions are automated or at least can be in the event of a shutdown. IT security, however, is not a segmented activity where one specific function can easily be shut down, Forman said.
“So much more is integrated this time around, including how cybersecurity is done,” he said. “Things in the past that weren’t part of the discussion, like continuous cybersecurity monitoring, are now necessary and need to be kept open.”
Regardless if the shutdown happens, procurement offices and contractors will take a major hit. The last 10 days of September are a critical period when many of end-of-the-year government awards are made. Forman said procurement offices have had to shift their focus from the tremendous workload of those awards and instead focus on preparing for a shutdown.
The impacts, he said, will ripple for months through government.
John Palguta, vice president for policy at the Partnership for Public Service, said some of the costs associated with the shutdown cannot be calculated.
“There’s a real human cost that’s hard to quantify, but still very real,” he said.
The more tangible costs, such as backlogs building up, hours devoted to shutdown-related work and administrative costs will come at a high price to government. Palguta said the cost of simply wasting time not doing more productive work would be significant. The government shutdown of 1996 cost the government $1.4 billion.
Another factor for agency leaders to consider will be the actual physical technology. Increased mobile adoption and the number of workers teleworking give government less control of who is accessing what technology.
This is where things could get tricky, according to Palguta. Officially, workers would not be authorized to conduct government business, which means not receiving or sending work-related messages from work devices, and not logging into the system until the shutdown is over.
Despite all of this time spent planning, the administration is confident a shutdown will not happen.
Office of Management and Budget spokeswoman Emily Cain said the administration strongly believes a lapse in appropriations should not occur. Congress has enough time to prevent a shutdown, and the administration is willing to work with Congress to enact a short-term continuing resolution to fund critical government operations.
Agencies are taking appropriate action to prepare for an orderly shutdown, but Cain said OMB hopes this work will be “unnecessary and there will be no lapse in appropriations.”