A group of Democratic senators went public with a letter to Gen. Paul Nakasone, head of U.S. Cyber Command and the National Security Agency, and Kirstjen Nielsen, secretary of the Department of Homeland Security (DHS), asking them to answer questions about the partial Federal government shutdown’s effect on cybersecurity.
The letter, circulated by Sen. Amy Klobuchar, D-Minn., as MeriTalk previously reported, was signed by Klobuchar and Sens. Cory Booker, D-N.J., Catherine Cortez-Masto, D-Nev., Ed Markey, D-Mass., Jack Reed, D-R.I., and Tom Udall, D-N.M.
In the letter, the senators highlight concerns over expiring website certificates in particular.
“We write to express concern about the government shutdown’s effect on the security of our cyber-networks,” the letter notes. “We are concerned that these circumstances have left our government and citizens vulnerable to cyberattacks and write to request information regarding what actions are being taken to protect our networks.”
The letter calls on Nielsen and Nakasone to answer how the shutdown affected Federal website security, asks about any assessments to find suspicious activity, and calls on DHS to work with other agencies to make sure certificates are restored quickly.
In addition to the letter from the group, Sen. Mark Warner, D-Va., sent his own letter to Secretary Nielsen, asking her to assess the impact on the Cybersecurity and Infrastructure Security Agency (CISA). He pointed to expired website certificates, criticism of the shutdown from the Federal Bureau of Investigation Agents Association, and the emergency directive issued by CISA last week to audit and secure Domain Name System accounts.
“These data points are but examples, which taken together paint a troubling picture of the state of our nation’s cyber defenses through the shutdown. The troubling reality however, is that with our Federal employees just returning to work, we can only now begin a full accounting of the impact it has had on our nation’s security,” Warner wrote.
He called on Nielsen to describe the impact of the shutdown on the cybersecurity workforce at DHS, describe how long it will take for the Department to resume all operations, and assess the impact on employee morale.