[Updated: 7:02 p.m. Eastern time] The House voted 266-150, following an 81-18 vote in the Senate, on legislation to reopen the federal government. The legislation now goes to President Donald Trump for his signature, clearing the way for government operations to return to normal on Tuesday, Jan. 23.
The partial shutdown of the federal government entered its third day on Monday as the vast machinery of the government's bureaucracy ground to a halt in many cases. However, at some agencies, IT staff members and cybersecurity professionals have been exempted from the furloughs of federal employees because they have been deemed essential to their agencies' operations.
The government shutdown began Saturday morning, Jan. 20, with lawmakers in Congress unable to come to an agreement on a budget that would allow appropriations to keep flowing to agencies. On Monday afternoon though, it appeared that the shutdown would soon end. The Senate voted 81-18 to advance a measure that would fund the government through Feb. 8. However, the Senate needs to approve a final measure, the House needs to approve it and President Donald Trump needs to sign it for the shutdown to formally end.
Some agencies are furloughing more of their staff than others during the shutdown, as The Washington Post and The New York Times note. Government workers in some cases are prohibited from using their government-issued devices — desktop PCs, laptops, smartphones — but the Office of Management and Budget says agencies should give workers clear guidance on the prohibitions.
In its shutdown guidance, issued on Friday, OMB notes that some IT operations may continue during the shutdown. Each agency has contingency plans that determine how to follow that guidance, and Nextgov has a breakdown of some of the major agencies' plans.
What Happens to Federal IT During a Government Shutdown?
The shutdown hit many federal employees hard on Monday. Nonessential and nonexempt employees were expected to work shortened shifts, according to FCW, in order to "turn in IT equipment, communicate with contractors, set up away messages on their voicemail and email systems and otherwise unwind operations."
According to OMB's guidance, agency leaders should "ensure that only those activities that are 'excepted' pursuant to applicable legal requirements would continue to be performed" during the shutdown, unless the agency has a separate funding source for an activity that will remain available during a lapse in appropriations and that the agency would use for the activity's continued performance. For example, the Environmental Protection Agency's administrator, Scott Pruitt, said on Friday that the agency has sufficient resources to operate through this week and that all employees should plan on working. The Federal Communications Commission also plans to remain open.
OMB says that agency leaders should "carefully review determinations regarding which employees would be necessary for the agency's continued performance of those 'excepted' functions, to ensure that these case-by-case determinations are consistent with the applicable legal requirements."
Under the Antideficiency Act, agencies are prohibited from "incurring obligations that are in advance of, or that exceed, an appropriation." Thus, OMB says, "with certain limited exceptions, an agency may not incur obligations when the funding source for the obligation is an appropriation that has lapsed."
IT operations may only continue if they are considered "excepted" by an agency's leadership under the Antideficiency Act, "or where their continuation is necessarily implied from a congressional authorization or appropriation of other continued functions," OMB says.
In making that decision, OMB notes that agencies "must take into consideration the agency's cybersecurity risk posture and avoid making determinations that would result in any imminent threat" to federal property. That includes any permanent disruption to agency IT systems or loss of agency information; or any potential threats to the security, confidentiality and integrity of agency information and IT systems.
A Shutdown's Impact on Cybersecurity, Smartphones
IT security personnel are likely going to be exempted across agencies and will remain on call during the shutdown. That's because the OMB guidance states that "cybersecurity functions are excepted functions as these functions are necessary to avoid imminent threat to federal property."
In making the determination to suspend information technology operations, including websites, agencies must take cybersecurity risks into consideration, OMB notes. At a minimum, agencies "must avoid any threat to the security, confidentiality and integrity of the agency information and information systems maintained by or on behalf of the government."
Agencies should "maintain appropriate cybersecurity functions across all agency information technology systems, including patch management and security operations center (SOC) and incident response capabilities," the OMB guidance states. Interoperable systems must be maintained if their failure or shutdown would result in imminent threats to federal property or data, according to OMB.
The benefit of public access to government websites "would not warrant the retention of personnel or the obligation of funds to maintain (or update) the agency's website during" a shutdown, according to OMB. The agency states:
However, if maintenance and updating of the website is necessary to avoid significant damage to the execution of authorized or excepted activities (e.g., maintenance of the IRS website may be necessary to allow for tax filings and tax collection, which are activities that continue during an appropriations lapse), then the website should remain operational even if its costs are funded through appropriations that have lapsed. If it becomes necessary to incur obligations to ensure that a website remains available in support of excepted activities, it should be maintained at the level of functionality necessary to support those excepted activities.
Regarding mobile devices and other government-issued IT, furloughed employees "should be given clear guidance that the prohibitions of the Antideficiency Act extend to work performed from outside of the office, including via mobile devices or remote computer connections."
According to OMB, orderly shutdown procedures "should not rely on mobile devices or home access to work email for providing notices of when to return to work."
Agencies have discretion to enforce these access restrictions in light of their own particular needs, according to OMB. "Some may choose, for example, to include in orderly shutdown activities a requirement that furloughed employees turn in their Blackberries until they return to the office; others may determine that circumstances warrant a different approach," the guidance says. Nextgov has a rundown of how different agencies are handling the use of mobile devices during the shutdown.