78.4 F
Washington D.C.
Thursday, June 20, 2024

Homeland Security and the Shutdown Threat: Planning for an Unnecessary Contingency

Having lived through the last government shutdown while working at DHS, I can attest to the disruption that the lack of funding played in executing necessary homeland security programs.

One of the most challenging homeland security risks to deal with from a process standpoint is political risk. By the nature of the concept and from the initial manifestation of the current discipline, homeland security is intended to be above politics. There are many examples of professionals who put their politics aside to protect the country and their fellow citizens.

But at the policy level, of course, keeping homeland security apolitical has proven to be impossible. Even with the near-universal support for addressing the threat of al-Qaeda, homeland security has been politicized from its outset. Several midterm elections in the 2002 cycle were won and lost in part based on positions that members of Congress took on the creation of the Department of Homeland Security (DHS) – most prominently the Georgia Senate race – and the balance between anti-terrorism efforts and the need to protect civil rights and civil liberties made the PATRIOT Act a hot-button political item soon after it became law. Today, issues such as border security, immigration enforcement, countering disinformation, chemical security, and even defining homeland security threats are squarely subject to political and ideological debates.

Oftentimes, those debates are a necessary part of democracy and serve the country well – different policy positions deserve to be heard, of course, and the political process is one way they get resolved. That, however, does not obscure the reality that the political process presents a risk to the nation’s homeland security when it devolves into ideological posturing as opposed to legitimate policy arguments.

With the current dysfunction in Congress, that reality is once again stark. At the same time, a single senator (Tommy Tuberville from Alabama) is blocking the confirmation of nominated military leaders, while a small minority of members in Congress is refusing to pass necessary funding bills heading into Fiscal Year 2024. Depending on your read of legislative processes and machinations, a government shutdown is either likely or just possible on October 1.

Make no mistake: this is an increased risk to the nation’s homeland security. Having lived through the last government shutdown while working at DHS, I can attest to the disruption that the lack of funding played in executing necessary homeland security programs.

While many of DHS’ employees are law enforcement personnel, and portions of the Department are funded through fees, there is a significant portion of the DHS workforce that will be furloughed if appropriations are not passed – as well as other key agencies that contribute to homeland security. That was certainly the case at the Cybersecurity and Infrastructure Security Agency (CISA), where I served as part of the leadership team in 2018-19 during the last meaningful shutdown, and the furloughs had a significant impact on our operations. There were several reasons for that, and I suspect many of those same impacts would occur again across DHS as it relates to key programs.

The first and most obvious impact on the mission is the human impact of the shutdown – in some programs, more than 90 percent of the workforce will not be able to work during a shutdown, which will grind efforts to a halt. The morale of the workforce, which is being told that their efforts are “non-essential,” will undoubtedly be impacted; so, too, will be the morale of the workforce that is working while not getting paid and having their daily efforts scrutinized to make sure they are only doing “essential” work. (In other words, even employees who work can’t conduct the full range of their responsibilities.) Making matters worse, communications between the two groups are limited as non-essential messages are forbidden.

In addition to the human impact, there is the cost associated with planning for and executing an “orderly shutdown.” IT equipment must be managed, contracts must be altered, lists of excepted employees and call-back eligible ones must be created and maintained, systems need to be shuttered, and that’s only a partial list of costly steps that need to be taken. Meanwhile, on the non-federal side, there is the impact on the companies in the homeland security industrial base, which have to deal with business shocks that impact their ability to invest in the capability to sustain mission support to the homeland security enterprise. They may also have to struggle with furloughing their own employees who are central to the homeland security mission.

While it may be possible to dismiss morale concerns and extra expenses as not directly risky to the mission, there are also pernicious operational risks that a government shutdown will create as organizations try to get by with fewer staff for monitoring risks.

Collaboration between state and local government officials and the flow of money and technical assistance from the federal government to its state and local counterparts will slow down considerably. Information-sharing programs between governments and the private sector will be degraded. So, too, will intended policy and regulatory changes that are intended to fill gaps in current security approaches; delays will create uncertainty in homeland security efforts that are evolving, such as protecting against unmanned aerial vehicles, strengthening cybersecurity requirements, and reforming federal funding for disaster mitigation.

In addition, a government shutdown has the potential to alter the threat environment, given that adversarial actors have the ability to react to the operational uncertainty and the ideological fights that are fraying our system of government. DHS uses the nomenclature of a Period of Heightened Risk that occurs during moments of greater uncertainty. This qualifies as one of those.

Homeland security is at its core a contingency planning effort; professionals assess risks and plan against scenarios that can cause consequences that weaken the homeland and its citizens. By tradition, those scenarios are caused by a threat or hazard event. Spurious political disagreements aren’t characterized as threats or hazards, but they can lead to unintended consequences and can effectively serve as security risks. As legislators gather over the next week or so to try to resolve the current morass, it is important that the voice of security professionals is considered. You will very rarely see homeland security leaders directly acknowledge that they are managing political risk. But the reality is that an unnecessary government shutdown will force them to.

author avatar
Bob Kolasky
Bob Kolasky is the Senior Vice President for Critical Infrastructure at Exiger, LLC a global leader in AI-powered supply chain and third-party risk management solutions. Previously, Mr. Kolasky led the Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center. In that role, he saw the Center’s efforts to facilitate a strategic, cross-sector risk management approach to cyber and physical threats to critical infrastructure. As head of the National Risk Management Center, Mr. Kolasky had the responsibility to develop integrated analytic capability to analyze risk to critical infrastructure and work across the national community to reduce risk. As part of that, he co-chaired the Information and Communications Technology Supply Chain Risk Management Task Force and led CISA’s efforts to support development of a secure 5G network. He also served on the Executive Committee for the Election Infrastructure Government Coordinating Council. Previously, Mr. Kolasky had served as the Deputy Assistant Secretary and Acting Assistant Secretary for Infrastructure Protection (IP), where he led the coordinated national effort to partner with industry to reduce the risk posed by acts of terrorism and other cyber or physical threats to the nation’s critical infrastructure, including election infrastructure. . Mr. Kolasky has served in a number of other senior leadership roles for DHS, including acting Deputy Under Secretary for NPPD before it became CISA and the Director of the DHS Cyber-Physical Critical Infrastructure Integrated Task Force to implement Presidential Policy Directive 21 on Critical Infrastructure Security and Resilience, as well as Executive Order 13636 on Critical Infrastructure Cybersecurity.
Bob Kolasky
Bob Kolasky
Bob Kolasky is the Senior Vice President for Critical Infrastructure at Exiger, LLC a global leader in AI-powered supply chain and third-party risk management solutions. Previously, Mr. Kolasky led the Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center. In that role, he saw the Center’s efforts to facilitate a strategic, cross-sector risk management approach to cyber and physical threats to critical infrastructure. As head of the National Risk Management Center, Mr. Kolasky had the responsibility to develop integrated analytic capability to analyze risk to critical infrastructure and work across the national community to reduce risk. As part of that, he co-chaired the Information and Communications Technology Supply Chain Risk Management Task Force and led CISA’s efforts to support development of a secure 5G network. He also served on the Executive Committee for the Election Infrastructure Government Coordinating Council. Previously, Mr. Kolasky had served as the Deputy Assistant Secretary and Acting Assistant Secretary for Infrastructure Protection (IP), where he led the coordinated national effort to partner with industry to reduce the risk posed by acts of terrorism and other cyber or physical threats to the nation’s critical infrastructure, including election infrastructure. . Mr. Kolasky has served in a number of other senior leadership roles for DHS, including acting Deputy Under Secretary for NPPD before it became CISA and the Director of the DHS Cyber-Physical Critical Infrastructure Integrated Task Force to implement Presidential Policy Directive 21 on Critical Infrastructure Security and Resilience, as well as Executive Order 13636 on Critical Infrastructure Cybersecurity.

Related Articles

Latest Articles