Federal cybersecurity efforts were hampered in some ways by the 35-day partial government shutdown that ended on Jan. 25. However, the record-breaking shutdown’s effects have rippled out to other aspects of government IT.
The shutdown led to backlogs at agencies that approve or review technologies. It also left scores of security certificates for government websites to expire. And the funding lapse could also delay the rollout of IT modernization projects funded through the Technology Modernization Fund.
Lots of government IT operations, including acquisitions, piled up during the five-week shutdown. More than 4,700 requests for proposals, requests for information and contract awards were released on fedbizopps.gov in the week after the shutdown ended, Federal News Radio reports.
Technology Reviews Got Backlogged During Shutdown
During the shutdown, the Federal Communications Commission and Food and Drug Administration were unable to review and certify new devices. The FCC certifies smartphones and tablets and most new devices that emit radio frequency energy, and the FDA certifies medical technology devices, as CNET reports.
At the FCC, while most of the testing is outsourced to private companies the agency authorizes, the FCC still needs to give its approval, and with 80 percent of the agency’s staff furloughed, those approvals could not be processed, according to CNET.
The Telecommunications Industry Association, a trade group representing makers of telecommunications equipment, had warned that the launch of 5G networks in the U.S. could be delayed because 5G devices would not be approved in time, CNET reports. The FCC reactivated the Equipment Authorization System during the shutdown, which allowed the majority of devices needing certification to be processed. However, some more “complex” devices could not be certified. In any event, the shutdown led to a backlog agency staff are likely still working through.
Meanwhile, government websites were unsecured during the shutdown because there was not enough staff on hand to renew TLS certificates for the websites, which ensure encryption between a computer and a website. According to internet security company Netcraft, 130 security certificates used by government websites expired during the shutdown.
Not only did that make it impossible for government workers and citizens to access websites if their web browsers blocked access to the sites, but it left users vulnerable to “man in the middle” cyberattacks if they could gain access.
IT Modernization Projects Put on Hold
In October, the Technology Modernization Fund board announced that it had awarded $23.5 million to three agencies. In its second round of awards, the board doled out money to the Agriculture and Labor Departments and the General Services Administration.
The funding included $15 million for application modernization at GSA, $5 million for infrastructure modernization and cloud adoption at the Agriculture Department and $3.5 million for a work visa digitization project at the Labor Department.
David Berteau, president and CEO of the Professional Services Council, said IT modernization projects approved and funded via the TMF were tied up not because of a lack of appropriations but because the agencies required to provide services for them were shut down.
“We have companies that are working on IT modernization contracts where the customer is closed even though the funding — which comes, for example, from the modernization fund — is still available,” he said, according to FedScoop, while the shutdown was still ongoing. “So, the work can go on, but you can’t talk to the customer.”