With most U.S. Government employees prevented from coming to the office today by a federal shutdown, what happens to cybersecurity?
Apparently, nothing.
The Office of Management and Budget (OMB) specifically mentioned cybersecurity eight times in a last-minute memo on what is essential.
Question 12 from the memo: "What is the controlling consideration for the continuity or suspension of IT operations for an agency during a lapse in appropriations?"
Answer 12 from the memo: "In making the necessary determinations for the continuity or suspension of information technology operations, agencies must take into consideration the agency's cybersecurity risk posture and avoid making determinations that would result in any imminent threat to Federal property, including: any permanent disruption to agency information systems or loss of agency information; any potential threats to the security, confidentiality and integrity of agency information and information systems."
And later in the memo:
"Agencies should maintain appropriate cybersecurity functions across all agency information technology systems, including patch management and security operations center (SOC) and incident response capabilities."
Now we know that cybersecurity is essential.
Wait a minute. Haven't we known that for a long time?