Security on Goodwill

Welcome to your Tuesday briefing.

The Minneapolis enforcement incidents we covered last week have now triggered a federal budget crisis that put DHS into partial shutdown on February 14.

Ninety percent of DHS employees are classified as essential, so they're still working. Just without paychecks. TSA screeners, CISA analysts, and FEMA coordinators are showing up to jobs that aren't paying them while threats don't pause for budget negotiations.

Here's the question that matters: when federal security infrastructure becomes unreliable, do you have a plan for filling that gap, or are you discovering what's missing in real time?

At 12:01 AM on February 14, the Department of Homeland Security entered a partial shutdown after Senate negotiations collapsed over immigration enforcement oversight. The fatal shootings of Alex Pretti and Renee Good in Minneapolis that we covered in a previous briefing are now serving as the catalyst for this federal budget crisis.

Approximately 90% of DHS employees are classified as essential, which means they're still working. Just not getting paid. TSA screeners, CISA analysts, and FEMA coordinators are all showing up without paychecks during a period when cyber threats aren't taking a break and travel security can't afford gaps.

The question isn't whether this creates operational problems. It does. The question is whether you have a plan for when federal security infrastructure stops being a reliable constant.

Most security operations are built on an assumption: federal capabilities will always be there as a baseline. TSA handles airport screening. CISA shares threat intelligence. FEMA coordinates disaster response. You build your private security layer on top of that foundation.

But what happens when the foundation becomes optional?

TSA is already showing cracks. During the 2019 shutdown, sick-outs spiked as screeners looked for paying work elsewhere to cover rent and groceries. Anyone planning executive travel through major hubs like JFK, LAX, or Atlanta should expect longer lines and tired, distracted screeners. The question is whether you accounted for that when you booked the flight or whether you're about to miss a board meeting because security took three hours.

CISA presents a different problem. The automated systems keep running, monitoring critical infrastructure and scanning for threats. But the human analysts who interpret that data, write the advisories, and coordinate with private sector partners are either furloughed or working skeleton crews. If your cyber threat intelligence strategy relies on timely federal alerts, you're operating blind right now. The question is whether you have independent monitoring capabilities or whether you're waiting for an email that isn't coming.

FEMA still has $7 billion in the Disaster Relief Fund for immediate emergency response, so if a hurricane hits tomorrow, first responders will show up. But the administrative machinery that processes state reimbursements and manages long-term recovery has stopped completely. If your business continuity plan assumes FEMA coordination will help you recover from a winter storm, the bureaucratic friction just became a much bigger variable than you modeled for.

The shutdown probably won't resolve before Congress returns from recess on February 23. If it extends past one pay cycle, the degradation accelerates. More TSA callouts. More CISA analysts quietly looking for other work. More friction in the disaster recovery pipeline.

The federal security baseline just became conditional instead of constant. The gap between what government is supposed to provide and what it can actually deliver right now is something private security operations have to fill. The companies that planned for this scenario are shifting to private aviation, running independent cyber monitoring, and maintaining direct relationships with state emergency management instead of relying on federal coordination. The companies that didn't plan for it are discovering the gap exists in real time, which is the worst possible moment to figure out your contingencies.

This isn't about whether DHS eventually gets funded again. It will. This is about whether your security planning treats federal infrastructure as a guaranteed resource or as a variable that might not be there when you need it most.

If you’re a decision maker at your company, you need to be on the bleeding edge of, well, everything. But before you go signing up for seminars, conferences, lunch ‘n learns, and all that jazz, just know there’s a far better (and simpler) way: Subscribing to The Deep View.

This daily newsletter condenses everything you need to know about the latest and greatest AI developments into a 5-minute read. Squeeze it into your morning coffee break and before you know it, you’ll be an expert too.

Subscribe right here. It’s totally free, wildly informative, and trusted by 600,000+ readers at Google, Meta, Microsoft, and beyond.

Two decades of expert insights you can trust.

🇺🇦 UKRAINE – Ukrainian drones hit the Russian port of Taman on February 15, damaging oil storage tanks and starting fires just days before peace talks were scheduled to start in Geneva. Both sides keep hitting each other's energy infrastructure without letting up. Anyone managing energy assets in the Black Sea region or Eastern Europe should stay on high alert for both physical attacks and cyber intrusions, because the risk to commercial shipping remains extreme.

🇲🇽 MEXICO - Ten workers from a Canadian-owned mine in Sinaloa were kidnapped in late January. By mid-February, five bodies had been found in hidden graves. Mexican authorities said it was "mistaken identity" between warring cartels, which is exactly the problem. If the cartels can't tell the difference between a rival gang's convoy and a corporate mining convoy, then any convoy is fair game. And because the cartels are splintering into competing factions, a deal you make with one group means nothing to the others.

INDUSTRY REGULATION – Mike Cunningham has been named the new Chair of the Security Industry Authority, starting March 1. He's a former Chief Constable and ex-CEO of the College of Policing, bringing a police mindset to the regulator as the SIA assumes oversight of Martyn's Law. Expect the agency to get much tougher on enforcement, especially around fake training certificates and fraudulent licenses.

CYBER LIABILITY – Lockton Southeast agreed to $9.9 million settlement for a 2024 data breach compromising health and social security data. The precedent: failure to protect data carries massive financial liability. We're moving toward standards where security directors could face personal liability for negligence in implementing basic cyber hygiene.

The managed cybersecurity market is projected to hit $83.96 billion by 2034, growing at nearly 17%. Those numbers matter because the clients you protect are outsourcing their cyber defense, and that creates gaps most protection teams don't see.

When your principal's organization outsources its cyber defense to a third-party provider, their digital attack surface extends well beyond what any advance team can see. If that provider is compromised, the principal's communications, travel patterns, and financial data could be exposed before anyone on the protection detail is aware.

The convergence point is unavoidable now. Smart home systems, IoT devices, digital access control, GPS tracking, connected vehicles: these are where cyber vulnerabilities become physical security problems. The client who hires a close protection team but outsources their cyber defense to an unknown managed provider has a gap in their security architecture that neither team fully understands.

Read the full analysis: Physical Security Has a Cyber Blind Spot Worth $84 Billion →

Q: If you had to expand protection to secondary family members tomorrow, what's the biggest obstacle?

🟩🟩🟩🟩🟩🟩 A. Budget constraints and justifying the expanded scope (48%)
🟨⬜️⬜️⬜️⬜️⬜️ B. Geographic distance making active monitoring impractical (18%)
🟨🟨🟨⬜️⬜️⬜️ C. Family resistance to increased security presence (26%)
🟨⬜️⬜️⬜️⬜️⬜️ D. Something else → Let us know (8%)

Your Comments:

LM: “Lack of visibility. You can’t protect what you don’t have eyes on.”

CR: “Coordination with schools and third parties. You’re dealing with lots of moving parts.”