- The new ‘Cats’ trailer is here to make you want to claw your eyes out Thursday 7:59 PM
- Bella Thorne claims Tana Mongeau ‘broke girl code’ in a series of messy tweets Thursday 7:00 PM
- Redditors keep this data engineer’s plants alive for him Thursday 5:20 PM
- Professor writes article defending ‘Asian romantic preference’—and no one is here for it Thursday 4:57 PM
- Ditch Pornhub and support adult content creators instead Thursday 4:46 PM
- Fans grieve Kyoto Animation Studio fire with #PrayforKyoAni Thursday 4:18 PM
- Netflix’s ‘Secret Obsession’ isn’t just terrible—it’s boring as hell Thursday 3:30 PM
- Instagram expands experiment of hiding likes to 6 more countries Thursday 3:20 PM
- Man asks woman to stop speaking Spanish on a plane—and bystanders start speaking Spanish Thursday 12:55 PM
- Schumer calls on FBI, FTC to investigate FaceApp Thursday 12:41 PM
- Netflix loses subscribers—but hopes some tentpole shows can save it Thursday 12:10 PM
- Man utterly roasted for saying women can’t ask for equality in revealing clothing Thursday 12:07 PM
- Instagram struggles to remove photos of Bianca Devins’ dead body Thursday 11:14 AM
- ‘Storm Area 51’ creator says its gotten so big he’s worried about the FBI Thursday 10:49 AM
- Everyone loves Q baby, the baby who apparently supports QAnon Thursday 9:53 AM
Budget cuts leave U.S. government vulnerable to weekend cyberattacks
If you want to hack a top secret government system, do it on a weekend.
If you want to infiltrate top secret government computer systems, don’t do it during working hours.
That’s the takeaway from a new study released by the Department of Homeland Security’s Office of the Inspector General, which revealed that budget cuts have caused the arm of the department tasked with investigating cyberattacks, to cut back to 12 hours a day, Monday through Friday.
The report, which looked at efforts to coordinate cyberdefense throughout the government, charged, ‟[the agency] needs to have sufficient staffing to perform intelligence analysis functions and respond to industrial control systems incidents after work hours and on weekends. Since cyber attacks can happen at any time, it is imperative…to have sufficient resources to respond to and mitigate potential threats.”
This situation leaves 108 hours each week when the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is unable to provide its technical analysis and forensic investigation—not only to other government agencies, but also to private government contractors whom it is also tasked with assisting.
According to the report, which was released late last month, agency managers had requested the ability to hire more staff but were told they lacked the funding to do so. Unsurprisingly, the report recommended allowing the agency to bring in more people.
The report also found that many agency staffers lacked the specialized training required to effectively respond to cyberattacks. In the wake of the federal sequester, which cut five percent of the budget from all sectors of the government, the agency has since suspended all employee trainings until further notice.
The report noted that staffers have compensated by attending training sessions offered by other arms of the government; however, these classes, “[do] not provide incident responders with the specialized training needed to perform their assigned functions.”
While the U.S. government has proved adept at breaking other organizations’ security, Uncle Sam may need all the help he can get when it comes to protecting his own systems. In a recent authorized penetration test, a team of hackers were able to gain access to the network of a top government agency that specialized in ‟offensive cybersecurity and protecting secrets,” with little more than a fake Facebook profile using the photo of a Hooters waitress.
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.