While the Federal Government shutdown was averted thanks to some last-minute political gerrymandering and concessions by both sides of the aisle, it’s quite instructive to reflect on the implications of shutdown on the federal cybersecurity workforce, including contracts and contractors.
More specifically, of the 1.9 million civilian government employees who could have been furloughed had the shutdown occurred, gathering the facts and data about what percentage of that 1.9 million were considered as essential based on their intrinsic roles as cybersecurity employees is interesting.
Based on a quick, unscientific straw poll of "random neighboring CISOs", the percentages of their staffs that would continue working through shutdown ranged from 10%–25%. What conclusions, if any, can be drawn from those numbers? Is it fair to presume that the bulk of these percentages would be the more technical staffs charged with operational cyber threat protections? Can one further extrapolate that these numbers align with recent estimates that the country needs more than 20,000 cyber security professionals?
The same considerations are applicable of course to federal cyber contracts and contractors. We'd venture a wager that not a single federal CISO would have considered their C&A contract or contractors as “mission-essential”! So, inquiring minds should want to know, what types of contractor task orders were considered essential through shutdown? The presumption here is that the essential contracts/contractors will be closely aligned with the essential cyber feds.
So, among the intangible takeaways from the averted shutdown, if federal CISOs had any doubts as to where they could begin their imminent “belt-tightening measures” or the prioritization of their programs, they have only to look to that facts and data collected in preparation for a 2011 federal government shutdown that never was.