Government Shutdown: What Are IT Systems Risks?

If the looming government shutdown comes to pass, Federal IT faces security, budget, and workflow risks.

As federal agencies brace for a government shutdown, deciding which IT staffers will be needed to maintain essential operations and who will be furloughed has proven much harder to resolve than when the government last shut down, 17 years ago.

With the House unable to deliver a spending resolution on Sunday that would win acceptance by Senate Democrats and the president, it appeared likely that the majority of government agencies would shut down just after midnight on Oct. 1 and more than 800,000 federal workers would be furloughed, with more than a million people more facing the prospects of working without a paycheck.

But who exactly will keep the government's IT systems running, especially if the shutdown isn't resolved quickly, remains in question.

[ The government IT workforce is dealing with a variety of problems. Read Federal IT Staffing Mess: Budget Chaos + Aging Workforce.]

The shutdown would mean a wide range of government activities will be suspended, including access to national parks and museums and the processing of passport and FHA loan applications. But the Departments of Defense, Homeland Security, Justice, and Health and Human Services, the FAA, and other agencies which provide essential public services will remain open, albeit without full support.

Technology plays a larger role in the daily operations of government than it did a decade ago. IT systems, applications and databases are more intricately linked across the federal government. Agencies also depend on a more complex arrangement of internal, inter-agency and external players to manage everything from email and business support systems, to cybersecurity, to the vast customer databases maintained by the IRS and the Social Security Administration. Knowing who is responsible for which operating layers of an agency's IT systems isn't always clear.

"It used to be easier, in previous situations, to figure out who in IT -- employees and contractors -- gets to stay on the job, because everything was siloed," Mark Forman, former administrator for e-government and IT at the Office of Management and Budget, told InformationWeek.

"As agencies have leveraged virtualized networks, storage and production environments, the lines have blurred. Now a greater portion of the IT workforce will need to stay on the job," said Forman, now president of Government Transaction Services.

How much of that IT workforce is deemed to be essential, however, is a call that each agency must make on its own.

At the Federal Emergency Management Agency, for instance, all but about 150 out of roughly 2,000 IT operations employees and engineers were told not to come to work if Congress fails to pass a funding resolution and the government shuts down Tuesday, according to a source familiar with FEMA's operations. Whether that skeletal crew is able to maintain all of FEMA's systems should the shutdown last more than a few days, especially in the event of a cyber breach, is a real concern, the source said.

If the government cyber warriors aren't on duty, many systems will be protected, but a lot of the mundane things won't be, raising the risk of penetration, Tom Davis, former Virginia congressman and chairman of the House Government Reform committee, told InformationWeek. Davis, now a director at Deloitte, was author of the Federal Information Security Management Act (FISMA) and a member of Congress during the shutdowns of the 1990s.

On the other hand, if cyber security measures are in place and the personnel on duty are sharp, removing a lot of the activity from government IT systems will make it easier to spot menacing activities, said Karen Evans, who succeeded Forman at OMB and now serves as national director for the U.S. Cyber Challenge.