Recovering From the Prolonged Government Shutdown

U.S. Senators are inching closer to a deal to reopen the federal government as it enters its 41st day of a shutdown. When federal agencies return to work after a prolonged shutdown, getting their complex IT ecosystems fully operational is a daunting prospect.

Since the government shutdown began, many federal agencies have been able to keep critical systems functioning. The public can access some services, but much of their ongoing modernization efforts and maintenance on data and systems have come to a halt.

As with any situation that could severely impact operations, federal agencies develop, practice and refine contingency plans that cover government shutdowns. But the impact of shutdowns can vary greatly depending on the length of the disruption and other factors.

“With this shutdown, there is an additional challenge that with the cutbacks in government, many senior people have opted to leave. Agencies have lost some of the institutional memory of how to handle a shutdown,” Alan Balutis, president of APB Ltd and former Commerce Department CIO, told GovCIO Media & Research. “We used to dust off the contingency plan and talk it over with the new agency leadership. But when the people who built and implemented the plans during previous shutdowns are gone, there can be problems adjusting the plans to reduce the impact of the shutdown.”

The effects of the shutdown are impacting some agencies more than others.

“We’re seeing a definite split between the defense, intelligence and law enforcement agencies, which are still operating at almost normal levels, and many civilian agencies which have been severely impacted by the shutdown,” said Will Layton, senior vice president for global sales at Senzing.

“Out of the approximately 2.3 million government employees, about one-third of them are furloughed,” said Travis Galloway, senior director of government affairs at Solarwinds. “Coming out of this prolonged shutdown is different from coming back to the office for an RTO. Think of the infrastructure as like a hamster wheel. It requires constant care, feeding, patches, monitoring logs and performance, and it’s got to keep moving.”

Expect Delays in Achieving Full Operationality

Returning from a shutdown also means dealing with the backlogs that have accumulated.

“While the systems have been functioning, much of the data collected has not been processed. When the government comes back, someone’s going to need to process all that data,” said Chris Cullerot, vice president of information and public administration sector at iTech AG. “This creates backlogs that will slow attempts to resume pre-shutdown operational states. The systems are not receiving security or operability patches. Systems hygiene is not occurring. And that creates security concerns that will need to be addressed.”

“Restoring user access will be a key priority and pain point once the shutdown ends. Federal employees will need assistance with password resets due to account expirations and forgotten passwords. This will put a major strain on IT help desks,” said Ryan Beauchemin, vice president ITC Federal.

Surviving the First Five Days

Experts say the first five days back will be a critical time for most agencies.

“The most important thing for agencies to do will be to reconfirm their trust in their systems and their data. During the shutdown, many agencies were focused only on keeping their mission-critical systems functioning. That left gaps in significant portions of the agency’s systems that were not getting the same level of cybersecurity monitoring that they were given before the shutdown,” said Stephan Mitchev, field CTO at Splunk and former CTO at the Patent and Trademark Office. “Agencies need to assume adversaries have been more active during the shutdown and exploited gaps in non-mission critical systems.”

Mitchev suggested agencies create a task team within their security organizations to review the time of the shutdown itself. They need to see if there is something that might have been missed, or if new attack vectors have surfaced. He also suggests that agencies look at the shutdown as a resilience exercise and use it as an opportunity to learn and improve.

“Look at what worked well and what didn’t. Can you put in additional automation, observability and better sensors around your infrastructure, systems and applications?” he said.

Reconnect with Your Business

One of the most important things for federal IT organizations to do is to reconnect with the mission and operations side of the agency. During the shutdown, agencies and many of the contractors that support them are operating with skeleton crews.

According to Milchev, “You’re not having regular planning meetings, sprint or cycle planning. Your product development release planning is going to be put on hold. You should use this time to re-prioritize your product development roadmaps based on what you learned from the shutdown and how it may have shifted priorities.”

Life after the Shutdown

Government employees can expect both short-term and long-term effects from this prolonged shutdown. In the short term, there will be significant delays while IT staffs struggle to prioritize the work that needs to be done and the myriad of housekeeping issues necessary to provision agency employees and maintain and restore all systems and applications. But it will take much longer before the important systems modernization efforts needed by most agencies can be resumed.