Charles McClam, deputy CIO at the Department of Agriculture, said that mission-critical applications in his organisation are housed in data centres around the country, and the employees responsible for keeping them secure are considered exempted personnel, meaning that they would continue to work even in the event of a government shutdown.
"At this juncture I don't see anything that's going to be problematic [with] enterprise security," McClam said here at a government IT conference.
Naeem Musa, CISO at the Federal Energy Regulation Commission, said that his agency contracts much of its security and monitoring activities out to vendors in the private sector, which would be unaffected by a shutdown.
Congress has until the end of the month to approve legislation to keep the government running, though its ability to do so in that time frame is in serious doubt. As of this afternoon, the Senate appeared poised to pass a temporary spending bill, stripping out language to defund President Obama's health care reform bill that had been included in a measure passed by the House. But Republican leaders have signaled that they are unlikely to accept any bill the Senate passes without making their own changes, which could run out the clock on the month-end deadline, the Washington Post reported.
Federal Big Data Initiatives Bring Big Security Challenges
But even if federal IT managers don't see a great threat to their systems' security from a potential government shutdown, they still have plenty to keep them up at night. At Thursday's conference, officials described the security challenges that accompany big data initiatives, even as the government is trying to make more of its data sets publicly available rather than keeping them locked inside the federal firewall.
"Securing the data, even if it's public, it's open, you still have to protect the integrity of that data, make sure the data has not been changed and whatever you serve out there is accurate to the public," Musa said.
If anything, the drive toward open data might create additional security challenges as agencies understand that they can no longer simply apply a one-size-fits-all policy that sets closed as the default setting for their data assets. That means that they must adopt more nuanced security policies tailored to the nature of each data set, and yet still have some overarching protections as those assets become linked.
Kevin Charest, CISO at the Department of Health and Human Services, described the "war" that pits "the desire to share, the desire to bring these data sets together, against the responsibility that's associated."
"One of the challenges of bringing big data sets into one place is you inherit the insecurity of all. So you create almost like a shopping place for a would-be bad actor if you're not careful," he said. "So you have to balance that desire for openness, desire for collaboration, the willingness to move in new space with rationality of securing that data."
Sign up for CIO Asia eNewsletters.