Government Shutdown: What Are IT Systems Risks?

If the looming government shutdown comes to pass, Federal IT faces security, budget, and workflow risks.

Patience Wait, Contributor

September 30, 2013

6 Min Read

Top 10 Government IT Innovators Of 2013

Top 10 Government IT Innovators Of 2013

Top 10 Government IT Innovators Of 2013 (click image for larger view)

As federal agencies brace for a government shutdown, deciding which IT staffers will be needed to maintain essential operations and who will be furloughed has proven much harder to resolve than when the government last shut down, 17 years ago.

With the House unable to deliver a spending resolution on Sunday that would win acceptance by Senate Democrats and the president, it appeared likely that the majority of government agencies would shut down just after midnight on Oct. 1 and more than 800,000 federal workers would be furloughed, with more than a million people more facing the prospects of working without a paycheck.

But who exactly will keep the government's IT systems running, especially if the shutdown isn't resolved quickly, remains in question.

[ The government IT workforce is dealing with a variety of problems. Read Federal IT Staffing Mess: Budget Chaos + Aging Workforce.]

The shutdown would mean a wide range of government activities will be suspended, including access to national parks and museums and the processing of passport and FHA loan applications. But the Departments of Defense, Homeland Security, Justice, and Health and Human Services, the FAA, and other agencies which provide essential public services will remain open, albeit without full support.

Technology plays a larger role in the daily operations of government than it did a decade ago. IT systems, applications and databases are more intricately linked across the federal government. Agencies also depend on a more complex arrangement of internal, inter-agency and external players to manage everything from email and business support systems, to cybersecurity, to the vast customer databases maintained by the IRS and the Social Security Administration. Knowing who is responsible for which operating layers of an agency's IT systems isn't always clear.

"It used to be easier, in previous situations, to figure out who in IT -- employees and contractors -- gets to stay on the job, because everything was siloed," Mark Forman, former administrator for e-government and IT at the Office of Management and Budget, told InformationWeek.

"As agencies have leveraged virtualized networks, storage and production environments, the lines have blurred. Now a greater portion of the IT workforce will need to stay on the job," said Forman, now president of Government Transaction Services.

How much of that IT workforce is deemed to be essential, however, is a call that each agency must make on its own.

At the Federal Emergency Management Agency, for instance, all but about 150 out of roughly 2,000 IT operations employees and engineers were told not to come to work if Congress fails to pass a funding resolution and the government shuts down Tuesday, according to a source familiar with FEMA's operations. Whether that skeletal crew is able to maintain all of FEMA's systems should the shutdown last more than a few days, especially in the event of a cyber breach, is a real concern, the source said.

If the government cyber warriors aren't on duty, many systems will be protected, but a lot of the mundane things won't be, raising the risk of penetration, Tom Davis, former Virginia congressman and chairman of the House Government Reform committee, told InformationWeek. Davis, now a director at Deloitte, was author of the Federal Information Security Management Act (FISMA) and a member of Congress during the shutdowns of the 1990s.

On the other hand, if cyber security measures are in place and the personnel on duty are sharp, removing a lot of the activity from government IT systems will make it easier to spot menacing activities, said Karen Evans, who succeeded Forman at OMB and now serves as national director for the U.S. Cyber Challenge. "I'm assuming there's a core set of IT people designated as essential in order for them to serve the other essential employees. The last shutdown we didn't go home," Evans said. "I'd like to think they all have their plans, that everything's in place ... because this is what FISMA was supposed to be looking at."

When OMB issued a memo providing planning guidance in advance of a "potential lapse in appropriations" on Sept. 17, the directive made no direct mention of staffing IT operations. Instead, it focused on which of a limited number of essential government functions much be supported -- such as national defense, public safety and programs such as Social Security, Medicare and Medicaid, even if their funding ceases.

"There isn't any guidance from [the Office of Personnel Management] or OMB on the subject [of IT operations] that I know of," said a senior IT adviser at one federal agency. "My guess is that if someone is deemed crucial to supporting services or programs that involved life-sustaining or emergency activities, and probably most crucial folks in cyber defenses, they'll probably be exempted."

[ How will a shutdown affect Obamacare? Read Tech Glitches Trip Obamacare Exchange Launches. ]

Another complicated dimension of the shutdown is how to handle IT procurements. There is always a rush of spending at the end of a fiscal year, as agencies make purchases in order to not lose allocated funds. But combining that with a shutdown brings added risks, said Forman.

"There are many end-of-year contracting actions that are clogged for a number of reasons this year, and the people who are orchestrating the shutdown prioritization and communication decisions are not available to perform the end-of-year actions," said Forman. That can lead to a higher risk that more contracting actions will be "done wrong or not done" and result in "decision errors or miscommunication to the IT contractors."

Stan Soloway, president and CEO of the Professional Services Council, agrees with that assessment.

"If you have a clogged system and you don't have sufficient acquisition folks working, it's just going to make the clogging worse," he said. "If [the shutdown] is just a day or two, it won't be that bad. If it's longer, like the one in 1996 that was 22 days, it will be much worse."

Davis said the government stands to lose a minimum of a billion dollars, and it could be several billion, because of the costs associated with shutting down and starting up operations along with associated delays.

He offered some advice to the IT professionals who will be wrestling with both keeping systems functional and protecting them.

"Just keep doing your job. There's a lot of dysfunction in the government right now," he said. "In the last shutdown when Congress was squabbling, the only adults were the government employees who just kept doing their jobs."

About the Author(s)

Patience Wait


Washington-based Patience Wait contributes articles about government IT to InformationWeek.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights