Brandon Potter, chief technology officer for cybersecurity services firm ProCircular, has spent 20 years working in cybersecurity for the government, health-care and finance sectors. He's also spent 12 years as a hired white hat hacker. He asserts cyber criminals know events like a federal shutdown might give them a better chance at success.
“Threat actors wait for this, and then they pounce immediately,” Potter said. “I wouldn’t be surprised if they have these pre-prepped so the day the shutdown happened these email, spam and phishing campaigns started going out.”
In the video below, Potter shares his predictions on what IT leaders should prepare for.
Potter predicts a large spike in highly authentic phishing attacks that leverage AI and take advantage of the current political climate.
Meanwhile, federal cybersecurity support will be significantly reduced during the shutdown. According to a document recently released by the Department of Homeland Security, only 889 of CISA’s 2,540 on-board employees would stay on the job during a shutdown. That means about 65 percent of its workforce is furloughed.
As a result of the reduced federal capacity, Potter urged leaders to increase monitoring on the identity side of the house.
“Maybe provide some refresher training to their employees and be communicative through this, encourage them to reach out and ask, ‘Is this the proper channel that I should be receiving this from?’” he said.
Additionally, federally funded cyber resilience improvements, even for projects where the money has been awarded, must pause if they require routine approvals from a furloughed DHS staff member. The document released in the days before the shutdown details: “if the continued oversight, during the lapse period, is required by the terms of the award to permit the awardee to perform, then performance must cease.”
For cyber resilience improvements structured as cooperative agreements or those that require prior approvals for specific security purchases, system changes or work activities, furloughed federal employees cannot provide the required coordination or sign-offs, and without them, the local government cannot proceed.
“I think the threat actors are going to use that as the lure, because it’s something that’s going to get somebody to forget that training and say, ‘Oh great, we can get it faster, I just need to register at this new portal,’” said Potter.
He urged state and local IT leaders to “dust off incident response plans” and strengthen relationships with state leaders, private partners and potentially National Guard cyber units.
“You have to move forward and assume that help will be non-existent or delayed for whichever time period the shutdown is going to happen,” he said. “What do you have in place that you can practice so if this does happen, you can swiftly move as fast as you can under what you can control, or the state and local government can control, to give yourself a fighting chance.”