CISA Addresses Cyber Threats Amid Shutdown, Workforce Reductions

Federal cyber leaders say that the ongoing government shutdown and workforce reductions could affect the nation’s ability to defend against increasingly aggressive foreign cyber threats as new, high-impact breach surfaces in federal networks.

“When we say ‘at risk,’ it’s national security because [adversaries are] going to get in there and surveil communications. And with nobody there to see these things happening, no eyes on glass, they’re going to embed so far that we’re not going to be able to purge them,” Mike Hamilton, former CISO for the City of Seattle, told GovCIO Media & Research.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive last week warning of an “imminent threat” to federal networks after discovering that a nation-state linked actor compromised systems belonging to IT infrastructure vendor F5.

CISA warned that successful exploitation could allow intruders to access embedded credentials and API keys, move laterally through networks, exfiltrate sensitive data and establish persistent system access.

“The alarming ease with which these vulnerabilities can be exploited by malicious actors demands immediate and decisive action from all federal agencies. These same risks extend to any organization using this technology, potentially leading to a catastrophic compromise of critical information systems,” CISA Acting Director Madhu Gottumukkala said in a statement.

The directive orders all Federal Civilian Executive Branch (FCEB) agencies to inventory F5 BIG-IP products and apply the latest security updates following the company’s confirmation that threat actors accessed proprietary source code and vulnerability data.

“This cyber threat actor presents an imminent threat to federal networks using F5 devices and software,” CISA said in the directive.

The directive marks the latest in a series of urgent CISA actions aimed at hardening federal systems against vendor supply chain compromises and nation-state driven cyber intrusions.

“In order to combat these threats, CISA needs to have sufficient personnel to carry out its mission, particularly at a time when canceled contracts and cooperative agreements have left CISA without critical third-party support,” Rep. Eric Swalwell stated in a letter to Gottummakkala.

Shutdown Impacts at CISA

The incident comes amid the federal government shutdown, the lapse of the 2015 Cybersecurity and Information Sharing Act (CISA 15) and federal workforce reductions. The Department of Homeland Security has laid off roughly 176 employees, according to an Oct. 1 court filing.

Lou Eichenbaum, former CISO and zero-trust program manager at Interior Department, told GovCIO Media & Research in an interview that it is “impossible” for agencies to build resilience into networks right now because of the shutdown-related workforce reductions.

“The loss of the Information Sharing Act means nobody is going to tell anybody what happens. And there’s nobody at CISA to package that stuff up and send out a bulletin with anonymized details. All that’s going to come to a stop,” said Hamilton.

Despite these challenges, CISA Director of Public Affairs Marci McCarthy told GovCIO Media & Research in a statement that the agency’s ability to detect, report or deter cyber threats is not impacted.

“CISA continues to sustain essential functions and provide timely guidance to minimize these disruptions. CISA remains dedicated to safeguarding the nation’s critical infrastructure,” said McCarthy.

She said the reductions in force at CISA are part of the administration’s “ongoing realignment to get the agency back on mission,” adding that “CISA is executing its mission to protect the homeland” amid the shutdown.