Thousands of federal cyber workers are returning to their posts after more than a month on furlough today. And they have a big to-do list. The first priority: Looking for evidence of any major hacks that wormed through government defenses the past 35 days while agencies were working with a skeleton crew of security pros. It will take them days or weeks to pore through security logs to assess how much damage the shutdown did to the security of government computer networks and the sensitive data they hold. The attacks did not abate because the government was closed: One cyber manager who worked without pay during the shutdown described an uptick in attacks on his agency — including phishing emails containing malware, attempts to reset employee passwords and attempts to trick users into downloading malicious software cloaked as a legitimate update. Also on the docket: Figuring out how to adjust the multimillion-dollar contracts to upgrade and secure federal IT systems that have spent more than a month on ice.
Perhaps most dishearteningly, cyber and IT leaders across the government will need to figure out the smartest way to prepare for the possibility of another shutdown if Congress and the president can’t reach a new funding deal when the current one expires in three weeks. President Trump has said congressional Democrats must give him new money for a U.S.-Mexico border wall or risk another shutdown when the temporary funding expires.
The best hope, former officials told me, is that agencies can learn from the shutdown just ended to prepare as smartly as possible for the next one — if and when it comes.