Furloughed workers and closed agencies have also created a "bad look" for government agencies looking to fill cyber jobs.
"Undoubtedly IT job seekers had a more negative view of federal employment due to the shutdown," said Dave Mihelcic, federal chief technology and strategy officer for Juniper Networks, and former chief technology officer of Defense Information Systems Agency. "Likewise the most talented IT professionals in federal service were left with lasting questions about their future that would cause some to seek outside opportunities."
Young employees have traditionally viewed government cybersecurity jobs as quite prestigious. Working in cybersecurity at the National Security Agency, Central Intelligence Agency, Department of Homeland Security, Justice or Energy departments can significantly bolster a graduate's resume. The most lucrative private-sector jobs often place a premium on experience with these agencies.
But the shutdown may change that perception as it wears on, Mihelcic said, especially as the best cybersecurity specialists have many other options, and it's questionable whether these agencies will even be able to adequately recruit them.
"With the class of 2019 graduating in just a few months, there is a new pool of talent entering the job market who have a dynamic set of IT and cyber skills to offer employers from both the private and public sector," Mihelcic said. "As the war for this pool of talent begins, the government furlough could present significant ramifications for agencies because they are currently precluded from making any headway in attracting, recruiting and hiring prospective IT and cyber candidates."
Cybersecurity is also often severely hurt by insiders who steal information to sell it, sabotage systems because they are angry or steal intellectual property for their own financial gain, among other malicious activities.
Insiders are often motivated by three key factors — financial problems, organizational issues and politics, according to experts at insider threat management firm ObserveIT. All of these factors are particularly heightened among government workers and can lead to a proliferation of malicious insiders.
Data can be relatively easy to steal for a government employee with access no matter the motivation, said Sai Chavali, a security strategist for ObserveIT.
Chavali pointed to the recent case of NSA contractor Harold Martin, who is scheduled to stand trial in June for taking 50 terabytes of data during his tenure. Martin's attorneys have argued he was a "hoarder" of data, and though his actions — which allegedly lasted more than a decade — were unrelated to the shutdown, they illustrate how much damage a single determined insider can do, said Chavali.
"[Martin's] incident specifically highlights how hard it is to detect user activity," Chavali said. "Commonly we're seeing malicious and technical users choose these hard-to-track external storage devices (such as flash and hard drives) to exfiltrate data out of their endpoints without touching the network over multiple years."
The government will face other issues related to long-term planning, said Robert Silvers, a cybersecurity partner at law firm Paul Hastings and a former top cyber official at DHS. "The problem is that strategic planning gets put on ice. Proactive outreach to companies, local law enforcement, international partners, procurement of new technology — it's all frozen," he said.
"It would be like keeping the military operational but halting weapons purchases and maintenance. It's corrosive in the long run and impedes progress in an area where we already have a lot of work to do."
Correction: This story has been corrected to reflect the fact that the websites of the U.S. courts of appeals continue to be actively managed during the partial government shutdown.