A potential government shutdown looms by the end of this week if Congress doesn’t pass legislation to keep funding the federal government, a development that could worsen problems cyber personnel and agencies are experiencing under the second Trump administration, experts say.
Many cyber feds would likely be exempt from furloughs during a government shutdown, common for personnel deemed “essential,” although the Department of Homeland Security, home of the Cybersecurity and Infrastructure Security Agency, did not answer whether it would use the last contingency plan for a shutdown under then-President Joe Biden or if it had developed new guidance.
A shutdown would nonetheless halt activity like hiring personnel, something already in turmoil at CISA and elsewhere as President Donald Trump’s Department of Government Efficiency pursues personnel cuts.
Of particular concern, according to Caitlin Clarke — the special assistant to the president and senior director for cyber and emerging technology on the National Security Council under Biden — is the government’s ability to respond to threats during a shutdown, such as implementing patches for vulnerabilities at federal agencies. That’s something that’s more “acute” amid personnel cuts, she said.
“The top risk is a reduction in the cybersecurity workforce, where people might be furloughed as nonessential, which would mean that there’s less people working on some of the cybersecurity issues, but also that it may take more time to address any issues that come in during a shutdown,” said Clarke, now senior director of cybersecurity services at Venable, who also worked at the Federal Emergency Management Agency during the first Trump administration.
DHS under Trump hasn’t been “forthcoming” about matters like how many CISA personnel would be sidelined in the event of a shutdown, said Thomas Warrick, nonresident senior fellow at the Brookings Institution, who worked at DHS during Republican and Democratic administrations. The most recent guidance from 2023 is no longer on the DHS website, but the Biden administration determined that there would be exemptions from furloughs for “960 personnel (or 30 percent), with an additional 790 employees (or 25 percent) recallable” at CISA.
“We are at an especially awkward moment, because the Trump administration has not rolled out its vision for cybersecurity, and many of the signs of their immediate actions are troubling both the markets and the cybersecurity community,” Warrick said. “The possibility of a shutdown affects the things that have been broken to a greater extent than functions that just keep going.”
“I am very worried that a shutdown would further magnify the damage the Trump administration has already done to our cybersecurity – at CISA and throughout the Federal government,” Mississippi Rep. Bennie Thompson, the top Democrat on the Homeland Security Committee, told CyberScoop. “Presently, we have no clarity on what cyber positions will be deemed essential. The last time Trump forced us into a shutdown, critical staff at CISA were furloughed so I am not confident that the administration will take this seriously.”
The House is set to vote Tuesday on a continuing resolution to keep the government funded. The Senate would also need to act on any continuing resolution.
Cyber executives warned about the risks a shutdown poses at a hearing in 2023, and among those who testified were an Armis executive. Another Armis official sounded a hopeful note this week.
“Because many of our cyber warriors are considered essential personnel, I believe that their function would not — and should not — be impacted by a shutdown,” Tom Guarente, vice president of external and government affairs for Armis, said via email.
More threats may already be materializing just amid the prospect of a shutdown. Some cybersecurity companies saw a rise in attacks on the federal government when a shutdown loomed in 2023.
