The 35-day U.S. government shutdown resulted in “very minimal effects” on the overall cybersecurity of federal systems, according to a recent report by the information technology firm SecurityScorecard.
Researchers studied the cybersecurity of 128 federal agencies based on network security, which covers open ports and SSL certificate matters. They also studied patching cadence that involves the frequency of software updates and endpoint security, which revolves around detecting vulnerabilities in the systems of end users. The study covers signal collection on activities such as malware infections, network security configurations, web application identification, leaked enterprise credentials, endpoint security information, patching cadences, mentions in hacker forums and other potential threats.
The report noted that network security declined to 90.7 percent, a 1.58 percent decrease from the 92.28 percent recorded before the shutdown. However, researchers noted that endpoint security and patching cadence increased during the shutdown period. Endpoint security saw a 9.16 percent increase, potentially due to lesser traffic from government networks during the shutdown. Patching cadence also rose by 1.38 percent, most likely because of factors such as an increased capacity to implement overdue updates and parts of the government that were still operating during the shutdown.
According to the report, a longer shutdown ranging from 60 to 120 days would “likely have much more measurable impact” on the overall cybersecurity of federal systems.