Amid a government shutdown that has now lasted over five weeks, the U.S. Congressional Budget Office (CBO) announced on Thursday that it recently experienced a hack and has taken steps to contain the breach. CBO, which supplies unbiased financial and economic data to lawmakers, has reportedly been infiltrated by a “suspected foreign actor.” CBO spokesperson Caitlin Emma told WIRED that the agency has “implemented additional monitoring and new security controls to further protect the agency’s systems” and that “CBO occasionally faces threats to its network and continually monitors to address those threats.” Emma did not respond to WIRED’s inquiries about whether the government shutdown has affected the agency’s technical staff or cybersecurity efforts.
As the shutdown continues to cause instability in the Supplemental Nutrition Assistance Program (SNAP), leaving many Americans hungry, and leads to shortages of air traffic controllers disrupting flights, the financial strain on federal employees and operational shortages at the Social Security Administration are increasingly felt across the country. Researchers, along with current and former government employees and federal technology experts, caution that lapses in critical activities during the shutdown—such as system patching, activity monitoring, and device management—could have significant repercussions for federal cybersecurity, both now and in the future.
“A lot of federal digital systems are still just running in the cloud throughout the shutdown, even if the office is empty,” said Safi Mojidi, a cybersecurity expert with past experience at NASA and as a federal security contractor. “If everything was set up properly, then the cloud provides an important baseline of security, but it’s hard to feel secure during a shutdown, knowing that even under normal circumstances there are challenges in getting security right.”
Before the shutdown, federal cybersecurity personnel were already facing layoffs at agencies such as the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which could impair digital defense coordination across the government. CISA has continued to reduce staff during the shutdown.
In a statement, spokesperson Marci McCarthy noted that “CISA continues to execute on its mission,” but did not respond to WIRED’s questions about how the shutdown has affected their work and the cybersecurity preparedness of other agencies, attributing the situation to Democrats.
While the government’s shift to the cloud over the past decade and increased focus on cybersecurity in recent years offers some resilience during disruptions like a shutdown, experts point out that the federal landscape is uneven. Some agencies are more advanced and better equipped than others. Furthermore, the backlog of missed digital security tasks that accumulates during the shutdown could pose challenges for workers when they return.
