So insecure, much danger.
Elon Musk’s government reform efforts may be having a deleterious effect on national security as the billionaire’s Department of Government Efficiency is leading to anger among federal rank and file and opening systems up to attack.
For Musk’s White House-appointed organization, known by its acronym DOGE, the federal government offers a rich and juicy target for the kind of slash-and-burn tactics that Silicon Valley is known for. Musk, whose purchase of Twitter in 2022 was followed by massive job cuts and exhortations to remaining staff to be “hardcore,” appears to be taking a similar tack across the US government.
Crisis management. Rex Booth, SailPoint CISO, told IT Brew that the public should view DOGE carefully, but rationally. A former White House advisor who helped develop the Office of the National Cyber Director, Booth is no stranger to the ups and downs of the federal government.
“There are things to be concerned about, and there are things that are less dire than they may appear to be,” Booth said. “If everything’s a crisis, nothing’s a crisis.”
Inside edition. Other experts IT Brew spoke to said that there are multiple red flags with the DOGE approach and that it might result in cyber insecurity that could affect the national interest. DTEX CEO Marshall Heilman told IT Brew that he’s worried about insider threats, as he would be in any mass layoff situation. Stressing that his concern was from a risk (rather than political) perspective, Heilman said that upheaval can lead to valuable information walking out the door and new hires coming in and learning on the job.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“Whenever any organization goes through a change like this—whether a commercial organization or a government organization—the risk of intentional or accidental data loss is significantly higher because you are having a number of personnel exit the company,” Heilman said.
Experience matters. Further, as Cybernews Security Researcher Aras Nazarovas told IT Brew, the DOGE staffers who are conducting deep investigative audits into the agencies don’t have the institutional knowledge themselves to effectively and safely work within the systems, presenting challenges. Without clearance or, from what Nazarovas can tell, any normal procedures, DOGE staff accessing internal data is worrying because it “shows that there was some exception made in terms of rules.”
“People who usually interact with these systems are usually embedded…they are interacting with that system to some extent,” Nazarovas said. “It appears that that’s something that wasn’t the case in this investigation.”
In Booth’s view, these threats are worth monitoring and are real. He told IT Brew that there is a possibility of national security risk to the insider threats and lack of institutional knowledge that are being exposed could indeed lead to hostile action. That’s not certain, but it’s a possibility.
“There’s no doubt in my mind that adversarial nation states are looking for ways in which to take advantage of the perceived or actual instabilities in the way in which we control access to sensitive information systems,” Booth said.