The California Office of Emergency Services (CalOES) works with NIST in several program areas, including for technical advice when the California Cybersecurity Integration Center (Cal-CSIC) is researching and responding to cyberthreats. NIST periodically updates its cybersecurity standards, which California has incorporated into its IT security policies.
"Like any of these federal agencies that are closed as a result of the shutdown, [it] has put a burden on state and local governments that are engaging with them on a daily basis," Cal OES Director Mark Ghilarducci told Techwire in an interview. "They're a component that we plug into this toolbox and throughout this process, without them being open we continue to operate. We can't not operate."
NIST's computer security resource center is shut down without federal appropriations. So CalOES either waits to work on programs NIST is involved in or will seek private contracts when necessary.
Ghilarducci said the shutdown has a cascading impact, but "we have a couple different workarounds to address the issue."
While Cal-CSIC may not need some of NIST's resources right now, it could use its relationship with the FBI to meet the need. And private contracts are also a possibility, especially for data forensics.
Peter Liebert, California's chief information security officer and director of the Office of Information Security, told Techwire in an interview today that the impact isn't as big in the short term.
"Long term, there will definitely be an impact, but we're talking a couple months down the line as a lot of their projects would slide," Liebert told Techwire. "That could potentially impact their release date for new and updated standards."
"They are the program of reference," Liebert said. "The equivalent, you could say is, if a dictionary company shuts down, you won't be able to go back and reference the words but you can still speak the language."
