Lawmakers are expressing concerns that the shutdown could radically hinder the work of the Cybersecurity and Infrastructure Security Agency in responding to major ransomware incidents and other digital intrusions.
Democrats are warning that a looming government shutdown could have disastrous consequences for federal cyber programs and hinder the administration's ability to respond to cyberattacks targeting critical infrastructure and key sectors.
Lawmakers said Wednesday that the potential shutdown could prevent the Cybersecurity and Infrastructure Security Agency from conducting critical operations while hindering the administration's efforts to disburse nearly $1 billion in cybersecurity grants to state, local and territorial governments included in Bipartisan Infrastructure Law.
"A government shutdown, much like a ransomware attack, would be dangerous, destructive and disastrous," Rep. Shontel Brown, D-Ohio, said during a House Oversight Committee hearing on ransomware.
The shutdown "would undercut organizations and state and local governments that are relying on federal funds to prevent the crippling ransomware attacks we are discussing in this very hearing," she added.
An estimated 80% of employees at the Cybersecurity and Infrastructure Security Agency could be furloughed during the shutdown, according to newly updated Department of Homeland Security contingency plans for a lapse in appropriations. According to those plans, just 571 out of 3,117 agency employees would be deemed exempt from furloughs.
The exodus of CISA employees would further disrupt the government's role in safeguarding federal agencies and the private sector from cyberattacks targeting the nation's digital infrastructure, according to Congresswoman Eleanor Holmes Norton, D-D.C.
"A shutdown will have real-world effects both in cyberspace and our communities," she said, noting how the nation's cyber defense agency — tasked with responding to major ransomware attacks — will be “forced to furlough thousands of employees.”
Some Republicans pushed back on concerns that the shutdown would have major consequences for federal cyber operations, including Rep. Nancy Mace, R-S.C., who said the White House can provide exceptions for CISA employees and decide which federal employees are deemed essential.
"They can make it as painful as they want, or as painless as they want," Mace said.
Lawmakers from both sides of the political aisle have warned about the impact a shutdown will have on government operations, along with technology leaders and cybersecurity experts, who say that government contingency plans would fail to provide adequate support for agencies and organizations in the event of a major cyberattack.
The hearing — and potential shutdown — come as CISA and other agencies are warning that persistent threat actors and cybercriminals are advancing their ransomware tactics and increasingly targeting critical infrastructure sectors.