Security Manager's Journal: Why the shutdown is like the cloud

Our manager hadn't realized how the government affected his daily life until he couldn't get to government websites that hold information he needs

As I set out to write my column this month, I popped over to the NIST website to check some facts. The National Institute of Standards and Technology publishes security standards and guidelines for the U.S. government in its "800 series," and they are generally useful in the private sector as well. I visit the NIST website occasionally to check the facts on topics ranging from encryption algorithm lifespans to risk assessment methodology. But this week, the NIST website has been taken down due to the U.S. government shutdown.

The NIST website is displaying a maintenance page saying, "Due to a lapse in government funding, the National Institute of Standards and Technology (NIST) is closed and most NIST and affiliated web sites are unavailable until further notice. We sincerely regret the inconvenience." I hope they do, because a lot of professionals rely on information provided by government agencies.

This is a somewhat jarring experience. I hadn't realized the government affected my daily life in any meaningful way, but now that the documents I'm looking for are not available to me, I'm starting to wonder what preparations I should have made to account for this situation. In fact, I'm thinking like a business continuity planner.

Business continuity is all about maintaining or resuming normal operations after a primary process is interrupted or has failed. If I were thinking about this a week ago, I might have considered ways to get the information I need even if the NIST website was unavailable. I can't find any mirrors, but maybe I could have created my own by downloading all the documents to my own hard drive. But now that the only information channel I've been relying on has been interrupted, it's too late. Business continuity planners are supposed to think ahead, to predict what might happen and come up with appropriate countermeasures. I'm not one, but I can see how that reasoning applies to my situation.

My natural response to this is that I should go ahead and download the NIST publications whenever the website comes back up. And that's really a commentary on cloud services in general.

I rely on the cloud daily. If I apply the term loosely, then my reliance extends to all of the websites I use to look up information and perform tasks involving data. The biggest problem with that extensive reliance, of course, is that when sites are unavailable, I don't have access to the information and services I need. Cloud services in general have been plagued by availability problems (as well as data loss and other significant issues). This has implications for all organizations. The convenience and scalability of the cloud is somewhat offset by the risk of your service going dark.

What's the alternative? Your data is either in the cloud -- as with Apple's iCloud, the various DropBox-like services, and even video streaming services like Netflix -- or it's on your own storage. If I don't want to rely on the cloud, I'll have to buy more hard drives and keep copies of the data I need. In today's interconnected world, that's not as easy as it once was. I would have to deal with keeping my data in sync with the cloud. And of course, I would be managing a potentially huge amount of data instead of relying on services to do that. And what about Wikipedia or IMDB? They hold way too much data to mirror.

Hopefully, I'll be able to follow through next month with the column I was originally planning to write this month, before the NIST website was shut down. With any luck, the government will be working again by then.

This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at

Join in

To join in the discussions about security, go to

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags National Institute of Standards and Technologysecuritycloud computinginternet

More about AppleNetflixTechnologyTopicWikipedia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by J.F. Rice

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place