News: 1738866608

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Dems want answers on national security risks posed by hiring freeze, DOGE probes

(2025/02/06)


Updated Elected officials are demanding answers as to whether the Trump administration and Elon Musk's Department of Government Efficiency (DOGE) are hamstringing US national security.

In a pair of letters sent to Charles Ezell, Office of Personnel Management acting director, and Susie Wiles, Trump's chief of staff, Democrats on the House Committee on Homeland Security (CHS) and Democratic Senators from the Select Committee on Intelligence have sought clarity on [1]DOGE 's activities and whether the federal workforce hiring freeze and buyout offer includes cybersecurity professionals.

Using an executive order, President Trump [2]triggered a federal employee hiring freeze on his first day in office that, while including an exception for "national security" positions, did not define what those positions were.

[3]

"Related guidance from the Office of Personnel Management (OPM) and the Office of Management and Budget similarly failed to clarify how agency heads should implement this exemption," the CHS Dems' [4]letter [PDF] notes. As of February 2, the letter adds, the Cybersecurity and Infrastructure Security Agency (CISA) doesn't have a single open position posted on the government's USAJOBS website, suggesting the freeze is at the very least affecting CISA's ability to fill infosec roles.

[5]

[6]

"A hiring freeze that precludes federal agencies from filling cybersecurity positions risks the security of federal networks and may prevent sector risk management agencies from fulfilling their obligations to help defend critical infrastructure," the letter continues.

DOGE inspectors already have gained access to classified materials, including intelligence reports ... sensitive government payment systems ... and federal personnel data

The CHS Democrats also mentioned the struggle the US government has had in recruiting and retaining cybersecurity professionals, pointing to Biden-era [7]programs designed to fill the cybersecurity gap.

"Reckless attacks on federal workers risk reversing recent progress in addressing the federal government's cyber workforce shortage," the letter states.

The CHS Democrats also complained that the [8]OPM-offered buyout of federal employees would further exacerbate the cybersecurity talent shortage, asking Ezell to specifically tell them how many cybersecurity professionals had chosen to take the severance deal and where they worked. Like the hiring freeze executive order, the "fork in the road" paid resignation offer included an exception for those in national security positions, but neglected to define what that meant.

[9]

The letter gives Ezell until February 19 to answer the CHS Dems' questions. We've reached out to the OPM and the CHS, the latter of which told us it didn't expect to receive an answer so quickly. The OPM hasn't responded to questions.

DOGE demands intensify

The Democratic half of the Senate Select Committee on Intelligence has also made its displeasure with the Trump administration known, sending a [10]letter to Wiles demanding answers on several aspects of Musk's DOGE team and whether it's endangering US national security and the privacy of American citizens.

What has DOGE been up to? There are various reports of the secretive team, with President Trump's blessing, accessing highly sensitive systems at the Office of Personnel Management (OPM), the United States Agency for International Development (USAID), the General Services Administration, the Centers for Medicare and Medicaid Services, and the Dept of Education, at least.

This has included, it's said, pushing code that makes it easier to block payments directly to production on the Treasury's critical payment system. All with the stated intention of rooting out inefficiencies, aka things Elon Musk doesn't approve of.

"We write to express our grave concern with the illegal actions currently being undertaken by the Department of Government Efficiency," the Senators, led by committee vice chairman Senator Mark Warner (D-VA), state in the missive. "DOGE inspectors already have gained access to classified materials, including intelligence reports ... sensitive government payment systems, including for Social Security and Medicare ... and federal personnel data."

"As of today the scope of DOGE's access only seems to be expanding," the letter continues, adding that despite its growing grip on the federal bureaucracy, Congress hasn't been told who has been hired, how their regulatory authority has been granted, nor how the group "is vetting and monitoring its staff and representatives before providing them seemingly unfettered access to classified materials and Americans' personal information."

[11]Trump admin seeks to reclassify federal CIOs, opening door to political appointees

[12]DOGE latest: Citrix supremo has 'read-only' access to US Treasury payment system

[13]Trump scrubs all mention of DEI, gender, climate change from federal websites

[14]Musk's DOGE ship gets 'full' access to Treasury payment system, sinks USAID

The letter states that government employees are typically only allowed to see the information DOGE has been accessing after "a rigorous background investigation," and even then access is only granted on a need-to-know basis.

"Circumventing these requirements creates enormous counterintelligence and security risks," the Senators's letter continues. Those counterintelligence threats and security risks are likely only exacerbated by [15]reports that DOGE chief Musk wanted to hire a Turkish-born venture capitalist and ally who isn't a US citizen to join the team gutting federal agencies. While Trump's advisors reportedly denied Musk's request, the fact it was made at all indicates DOGE might not be vetting employees based on US cybersecurity standards.

The American people, and our intelligence officials, deserve to know that their information is being appropriately safeguarded

Additionally, the Senators expressed concern that the DOGE team was ignoring cybersecurity requirements for accessing federal networks by, among other things, reportedly connecting personal devices to sensitive government networks.

"Such unregulated practices with our government's most sensitive networks render Americans' personal and financial information, and our classified national secrets, vulnerable to ransomware and cyber-attacks by criminals and foreign adversaries," the letter states.

"The Executive Branch cannot operate without regard to rules, regulations, or Congressional oversight," the Senators conclude. "The American people, and our intelligence officials, deserve to know that their information is being appropriately safeguarded."

Senator Warner's team told The Register that, "unsurprisingly," it hadn't heard from the White House since sending the letter – but it had better, his office added.

[16]

"The Senator certainly expects the White House to provide the requested information, consistent with [the] Committee's oversight obligations," Warner's communications team said.

As with the [17]letter sent yesterday by Democrats on the House Committee on Oversight and Government Reform – which demanded answers about an OPM email server set up after Trump's inauguration that [18]allegedly violated federal law – the Senate Democrats have set a February 14 deadline.

The White House hasn't responded to questions. ®

Updated to add at 2200 UTC

NPR [19]reports CISA staff have received a last-minute offer to take the OPM's "fork in the road" severance if they wish.

"Team CISA, I am writing to provide an update that CISA employees may participate in the deferred resignation program," reads an email sent internally at the cybersecurity agency.

At this time, CISA employees may participate in the deferred resignation program

Staff aren't being given much time to accept. As with the rest of the federal government employees who've been given the option to quit, CISA employees reportedly offered the buyout have until midnight, February 6, to accept.

We asked the agency to confirm the report, and it told El Reg : "At this time, CISA employees may participate in the deferred resignation program ... CISA remains committed to ensuring the continuity of our mission while supporting our workforce through this process."

Since the offer was extended to federal employees, there's no way to tell whether those accepting the buyout will actually be paid. Congress hasn't appropriated funds to pay employees who choose to resign.

Several federal employee unions have sued to block the offer, [20]saying it violated federal law; a judge today paused the deadline, making it unclear if or when the fork in the road will actually hit.

Get our [21]Tech Resources



[1] https://www.theregister.com/2025/01/21/doge_us_digital_service_renamed/

[2] https://www.whitehouse.gov/presidential-actions/2025/01/hiring-freeze/

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z6U_DMygvuGLPPoY0qhLAQAAAgY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[4] https://democrats-homeland.house.gov/download/opm-hiring-freeze-letter-02052025

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z6U_DMygvuGLPPoY0qhLAQAAAgY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z6U_DMygvuGLPPoY0qhLAQAAAgY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[7] https://www.theregister.com/2024/09/05/white_house_cyber_jobs/

[8] https://www.theregister.com/2025/01/29/us_government_workers_resign_deal/

[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z6U_DMygvuGLPPoY0qhLAQAAAgY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[10] https://www.warner.senate.gov/public/index.cfm/2025/2/release-senate-intelligence-members-sound-the-alarm-about-doge-risk-to-national-security-and-american-privacy

[11] https://www.theregister.com/2025/02/05/trump_administration_reclassified_cios/

[12] https://www.theregister.com/2025/02/05/tom_krause_treasury_read_only_access/

[13] https://www.theregister.com/2025/02/03/trump_admin_scrubs_dei_websites/

[14] https://www.theregister.com/2025/02/03/musk_doge_treasury_usaid/

[15] https://www.theatlantic.com/politics/archive/2025/02/elon-musk-doge-green-card-trump/681575/

[16] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z6U_DMygvuGLPPoY0qhLAQAAAgY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[17] https://www.theregister.com/2025/02/06/democrats_opm_server/

[18] https://www.theregister.com/2025/01/29/opm_email_lawsuit/

[19] https://www.npr.org/2025/02/06/nx-s1-5288883/cisa-staffers-deferred-resignations-doge

[20] https://www.cbsnews.com/news/judge-temporarily-blocks-implementation-deferred-resignation-program/

[21] https://whitepapers.theregister.com/



Quis custodiet?

Eclectic Man

"As of today the scope of DOGE's access only seems to be expanding," the letter continues, adding that despite its growing grip on the federal bureaucracy, Congress hasn't been told who has been hired, how their regulatory authority has been granted, or how the group "is vetting and monitoring its staff and representatives before providing them seemingly unfettered access to classified materials and Americans' personal information."

Every security professional's nightmare - people you don't know, whose security clearances you cannot check, and whose IT equipment has not been issued by someone who can provide security assurances, gaining physical access to your sensitive storage, complete with their mobile phones, smart-watches and heaven knows what else.

I worked for a while in a genuinely secure office. All electronic equipment (except, presumably heart pacemakers) had to locked in safes outside the room. There was a vestibule area. No-one was allowed to take IT equipment out of the office (unless authorised by SysAdmin).

You simply do not allow unaccredited people access with their own laptops to that sort of system.

https://www.theguardian.com/us-news/2025/feb/06/trump-musk-support-poll

"

In a letter published on Thursday, the members of the House oversight committee say they are worried that Musk and his operatives have illegally accessed classified information and sensitive personal data at agencies including the office of personnel management (OPM), the US treasury and the US Agency for International Development (USAid).

“There is no evidence that he, or any of his associates working under the ‘Doge team’ moniker, are entitled to access our government systems, nor is there any evidence that they have undergone the proper vetting to ensure the security of taxpayer and government data,” the letter said.

"

As a former System Administrator and Information Security consultant to UK Government Departments, Agencies and their suppliers, my sympathies lie with the staff trying to implement and follow their Departmental security procedures. I can only hope that the DOGE employees have not brought in any malware.

Re: Quis custodiet?

MonkeyJuice

Now imagine that cocksure kids who definitely won't accidentally the database are sat with full access deleting and updating rows by hand at the console on no sleep and 5 hour energy drinks with no oversight.

It is going to cost a lot of money to hose the shit off the walls, and that's assuming they aren't inadvertently dropping additional fun from their locally installed warez.

BYOD - Bring your own disaster.

Re: Quis custodiet?

Jellied Eel

Every security professional's nightmare - people you don't know, whose security clearances you cannot check, and whose IT equipment has not been issued by someone who can provide security assurances, gaining physical access to your sensitive storage, complete with their mobile phones, smart-watches and heaven knows what else.

But enough about Clinton, her unauthorised Crackberries, her 'hacks' and her unauthorised mail server in her basement that comingled personal and classifed information. Or enough whataboutery. But Warner is an arch self-publicist who helped extend the 'Patriot Act', which helped extend surveillance powers over err.. patriotic Americans. He also was actively involved in anti-Huawei legislation and other protectionism efforts, but then having made his fortune from telecomms, that's perhaps unsuprising. Don't buy evil Chinese kit, buy blue-blooded 'merican stuff like Cisco.. Which is made err.. where?

But I digress. It'll be interesting to see what the response is to Warner, which might be along the lines of 'now you're asking?' or just pointing out that staff with direct access are vetted, unvetted staff won't have direct physical access to sensitive storage, and phones, smart watches etc will be left in the lockers provided. Or should have been provided. But it's not like there haven't been previous leaks, or scares about leaks due to staff having personal electronic devices where they shouldn't.

And in other news, on the left side of the planet, the sky is still falling..

Re: Quis custodiet?

ecofeco

More words, still amateur trolling.

Do try harder, Ivan.

Re: Quis custodiet?

MonkeyJuice

It's interesting you use the phrase 'whataboutery' in your entirely whataboutist argument. Also please edit your posts so they're not a complete wall of text. We take pride in the signal to noise ratio here. Perhaps hit the bong after you post, not straight before.

Amateur.

Re: Quis custodiet?

Jellied Eel

Also please edit your posts so they're not a complete wall of text. We take pride in the signal to noise ratio here.

Translation: You have the attention span of an amoeba, and having been raised on a diet of 140 characters or less, can't actually read.

So, whatabout any evidence that Federal staff or contractors aren't actually being held to Federal security standards? I know that after years of leaks, hacks and generally lax security, this is something of a.. foreign concept. But such is politics. Warner probably doesn't care what the response to his demands are, he just wants the demands out there so the media picks them up and runs with them. But Warner, along with Schiff as top Demorats on the Senate Intelligence Committee presided over a period when that Committee leaked like a sieve.

Re: Quis custodiet?

Eclectic Man

See another article on this site concerning DOGE: https://www.theregister.com/2025/02/06/federal_court_leashes_doges_tresury_access/

"It was reported earlier that Elez, at least, had gained sysadmin-level access to Treasury systems, as a DOGE operative, and had already pushed code direct into production there to make it easier to block payments."

Jaw Drops In Amazement.

Let me get this straight, someone has implemented code on a live system handling highly sensitive financial transactions without official SysAdmin approval, testing, or specification????

Sorry, I need a little lie down now.

Re: Quis custodiet?

MonkeyJuice

Abandon all faith all ye who ISO 27001 here.

Re: Quis custodiet?

Eclectic Man

True story, I was a qualified ISO27001 Lead Auditor a few years ago.

Shivers. I may need a little big something to help me sleep tonight

Nematode

Musk.

What could possibly go wrong?

re: What could possibly go wrong?

Eclectic Man

In answer to your question, see, for example:

https://www.theguardian.com/technology/2024/apr/20/cybertruck-failures-tesla-elon-musk

This gives me no pleasure, I had a nightmare last night that Trump / Musk and DOGE devastate the US Federal Agencies to the extent that there are mass disturbances in US Cities, Trump declares a nationwide national emergency, invokes martial law and suspends all federal elections, including to the office of President. While the US Army are busy maintaining peace, China talks over Taiwan, Israel annexes the West Bank, the Abraham accords break down and there is general chaos. Please tell me it won't happen.

Re: re: What could possibly go wrong?

Anonymous Coward

It won't happen.

Re: re: What could possibly go wrong?

Yet Another Anonymous coward

Remember this is the USA.

Trump declares martial law and invades Taiwan. Meanwhile Vietnam invades America and wins

China invades Afghanistan, because it's their turn, and Israel annexes the Sudetenland

JamesTGrant

Oh El Reg - you’ve squeezed in the smallest tech angle. But another ‘Trump/Musk trashing the US government’ article? There’s LOADS of tech stuff happening, let’s have some tech or IT articles?

ecofeco

Massive unauthorized system intrusions and raids are not... tech?

Numpty.

Move fast, break things, drains up.

Missing Semicolon

To be fair, the perception is that the whole system has become so ossified, so encrusted with stuff that happens because it's always happened, and little projects that are nothing to do with running a country, that doing the IT thing of just switching it off and seeing what stops working is the only solution.

USAID was a really bad case of that.

There are organisations who have become comfortable with the constant drip of State cash who need to have hard questions asked.

If they just reviewed everything, 40 years would not be enough to review each one.

Re: Move fast, break things, drains up.

Anonymous Coward

That may be true, but the way it is happening is unconstitutional. Congress appropriates and authorizes funds to be spent and the executive branch can't just stop. The current Congress might be complicit with this, but they don't have the guts to pass legislation that does the same.

Re: Move fast, break things, drains up.

heyrick

" There are organisations who have become comfortable with the constant drip of State cash who need to have hard questions asked. "

USAid? Nah. I think people don't understand what USAid is about or why that sort of thing is important, but then I guess the sort of president who sees the Gaza strip as "real estate" potential would utterly fail to comprehend something like USAid.

If you really want to sort out the parasites drinking the available cash, let's start with Boeing, General Motors, Boeing, Tesla, Boeing, Intel, Boeing, Amazon...and of course Boeing.

QOTD:
I'm not a nerd -- I'm "socially challenged".