The US Federal Government is in the midst of the longest gap in funding for many of its agencies in history. As the “shutdown” extends into a second month, the economic impact is increasing for federal employees—including state employees and government contractors working in IT and information security roles for the government—and the the area they work and live in.
Furloughs have had a real impact on the government’s security situation as well. Work at the National Institutes of Standards and Technology on a number of Initiatives, including work on encryption, has been suspended. Some “non-essential” companies have had to anger security teams, leaving them without a way to respond to incidents during the shutdown. Regular maintenance on IT systems, such as patches and updates to websites and server systems, is delayed. And those who are still employed in companies operating without a budget are doing so without pay and under financial duress—not exactly the ideal situation for maintaining a top security position.
“I saw an article a few days ago where 100-odd government SSL certificates expired,” said Chris Eng, Vice President of Research at software security firm Veracode. “There’s a lot of work going on that’s not even the highest response stuff that’s going to get done. Imagine if something like Heartbleed came out tomorrow—what would be the ability of government agencies to respond to that when are they working on skeleton crews?”
But the real damage to the government may be waiting in the wings. Several disgruntled government officials who spoke to Ars this week said they are currently seeking jobs in the private sector out of necessity. The number of private companies recruiting talent in the field has seen a spike in job applications from people in the government sector. And even if the shutdown ends this week — which doesn’t seem likely — some government IT leaders have expressed concern that workers will come back to collect their back pay and then resign. And for contractors who don’t have insurance to recover lost wages, the math is even worse.
“Government salaries and benefits for technology workers are no match for those offered by private companies,” said Justin Sherman, Cybersecurity Policy Fellow at New America, Washington, DC, think tank. “As the shutdown continues and workers are left without pay for longer and longer periods, private sector jobs will be more attractive to tech-focused government workers and will inevitably cause some to leave government. for corporate work too. if only because of a temporary need for income.” And since pay in the private sector is generally better, recruiting new talent to replace departing workers will be more difficult, Sherman added.
There are some numbers to back up these concerns. A recent survey by ZipRecruiter of 2,000 retired government employees found that 67 percent were planning to leave their government jobs to find work in the private sector. Less than 30 percent felt the shutdown would end within the next 30 days, and 90 percent expected significant financial hardship.
Talent shortage
The government has a critical talent shortage in information security. After decades of outsourcing central information technology roles, most of the expertise in some companies comes from outside contractors. Internal positions have been underfilled at many agencies over the past few years—a trend that didn’t get any help from President Donald Trump’s 2017 federal hiring freeze.
As a result of both the constant demand for new information security personnel and the uncertainties of government employment over the past two years, some open security detail positions at the Department of Homeland Security has been posted for a year. And many jobs in information security (and all of them at DHS) require security clearances of Secret or Top Secret—essentially narrowing the potential recruiting pool and lengthening the pipeline for filling them.
Them Humanity of government work It’s not exactly stacked in the government’s favor, either. The median age of civil servants in all industries is 48 years, with a quarter of civil servants over 55 and ready for retirement. Many who are in retirement may opt to leave early for the private sector, sacrificing large pensions for much larger paychecks – creating an even bigger vacuum to fill.
A federal IT professional said in a tweet, “We’ve got a ton of open spots…they won’t be filled either.” If you think things are bad now, it will be a disaster in June. Add to the list anyone near or in retirement or those in service who have retired (three years).
For those who haven’t jumped ship, there’s a cruel irony: increasing the expenses of information security professionals in government can put them in debt situations that threaten their security clearances.