Nation-state hackers could also gain insight into which U.S. computer networks are considered vital and therefore functioning during the shutdown by comparing that picture with all the networks that are seen to be working during normal times, Gann said. "A foreign intelligence organization can deduce from that who matters and who doesn't," he said.
The House Homeland Security Committee, led by Democratic Rep. Bennie Thompson of Mississippi, said the panel is concerned about the Cybersecurity and Infrastructure Security Agency of the DHS running with significantly fewer staff. DHS has said the shutdown meant that only 57 percent of the agency's staff would be working.
The agency "is charged with performing risk and vulnerability assessments for the federal government and critical infrastructure owners and operators, including state and local election agencies," a committee aide said. "We don't know if those activities have been suspended or delayed."
Operators of critical infrastructure sectors including financial systems, the power grid, water systems, health care systems and transportation networks rely on information from the DHS agency to protect their computer networks, and "we don't know if these activities have been suspended or slowed because of the shutdown," the aide said.
But the U.S. Computer Emergency Response Team, or CERT, which operates under DHS and sends out cybersecurity warnings to critical infrastructure sectors, appeared to be functioning and was sending out security alerts Tuesday.
Emails to DHS officials seeking comment bounced back with automated responses saying they were not working because of the shutdown.
The skeletal cadre of government employees across different agencies who are working jobs considered critical for cybersecurity efforts may be exhausted by the additional work burden, reducing their effectiveness, said Ron Bushar, vice president at FireEye, a threat intelligence research company.
But cybersecurity professionals watching for threats in operation centers, counterintuitively, could be operating in a quieter environment with fewer federal employees using their computers in their networks, said Bushar, who previously served as an assistant director for cybersecurity at the Justice Department.
Sponsored Video Stories from LifeZette
With fewer federal workers, the signal-to-noise ratio is lower, whereas with a full complement of employees, "there's more noise and a bigger attack surface" for hackers looking to exploit networks by targeting individuals, Bushar said.
A prolonged government closure could disrupt broader cybersecurity policy efforts, said Ari Schwartz, managing director of cybersecurity services at the law firm Venable LLP.
The public-private partnership between government entities such as NIST, which formulates cyber standards, and private companies is essential to securing computer networks around the country and could be hurt as the shutdown drags on, Schwartz said. He also leads the Coalition for Cybersecurity Policy and Law, a group of companies that educates policy makers on cybersecurity matters.
Delays to long-term policy efforts could be recovered if the shutdown lasted only a couple of weeks, but longer closures could "overwhelm the system and set back public-private partnerships by quite a long time," Schwartz said. "Each month of closure is probably magnified by two months" of delays and setbacks, he said.
(c)2019 CQ-Roll Call, Inc., All Rights Reserved
Visit CQ Roll Call at www.rollcall.com
Distributed by Tribune Content Agency, LLC.