Arizona Tribune - Musk's DOGE team raises major cyber security concerns

Never before has a group of unvetted and inexperienced outsiders gained such access to the nerve center of the US government, according to security experts.

The campaign, led by Musk's DOGE team, began at the Treasury Department when they took control of the US government's payment system -- a move justified as monitoring public spending.

From there, it expanded into an unprecedented cost-cutting initiative, with software engineers spreading across federal agencies, taking control of computer systems.

They have disrupted and in some cases effectively shuttered organizations such the United States Agency for International Development (USAID), the Department of Education, and the General Services Administration (GSA), which manages much of the government's infrastructure and building portfolio.

"In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history," wrote Bruce Schneier, a security technologist at the Harvard Kennedy School, and Davi Ottenheimer of Inrupt, a data infrastructure company, in Foreign Policy.

The situation is particularly critical at the Bureau of Fiscal Services, the Treasury unit managing all federal payments -— a crucial chokepoint of the US economy.

An internal report by an outside contractor warned that the access given to the DOGE team "poses the single greatest insider threat risk the Bureau has ever faced."

The computer systems in question rank among the world's most complex and sensitive.

Yet DOGE is staffed primarily with individuals connected to Musk's companies and young tech professionals in their 20s -— virtually none of whom have been vetted, or have government experience.

As for Musk himself -- who is unelected -- there are concerns about his conflicts of interest, as his companies hold several major government contracts, and whether access to sensitive data will give his business empire an even greater advantage.

Meanwhile, senior government workers with decades of system expertise have been blocked from buildings and sidelined by DOGE teams, raising concerns among those who understand the intricate vulnerabilities of government technology.

The consequences are already emerging.

At the Office of Personnel Management, the government's HR department, reports indicate DOGE-associated individuals connected an unauthorized server to the network and are using AI software on US citizens' personal data -- in violation of federal privacy laws.

The blitz on government has sparked numerous lawsuits, forcing some retreat from DOGE, with a Trump official on Wednesday acknowledging to a judge that a staffer should not have had full system access.

In another security slip-up, according to The New York Times, the CIA sent an unclassified email listing all employees hired by the spy agency over the last two years to comply with cost-cutting efforts spearheaded by DOGE.

- Too much power -

Security experts Schneier and Ottenheimer are especially troubled by the removal of career officials who managed security measures.

"The Treasury's computer systems have such an impact on national security that they were designed with the same principle that guides nuclear launch protocols: No single person should have unlimited power," they wrote.

Making changes to critical financial systems "traditionally requires multiple authorized personnel working in concert," they said.

Musk, who frequently posts on the social platform he owns, X, dismisses government workers as either inept or politically compromised -- a "deep state" aligned with Democrats and opposed to Trump.

The risk of mistakes has alarmed cybersecurity experts, including Michael Daniel, former White House cybersecurity coordinator under Barack Obama and current head of the Cyber Threat Alliance.

"The Chinese, the Russians, other intelligence services -– they put their A-teams on projects that target the US government, and they will exploit any opportunity they have," Daniel warned.

"This assumption that obviously everybody that works for the federal government is stupid and incompetent, and it's so simple that it doesn't even matter who you put on the job... that's just incorrect."

"With government systems, things are not necessarily obvious on the surface. And it takes experience to understand what some of those issues are."

Meanwhile, security experts note that China and Russia, which have long targeted these sensitive systems, could weaponize mistakes and vulnerabilities made in one afternoon for years to come.

If "cybersecurity is not top of mind in every step of the integration, you potentially open the door for foreign intelligence services and sophisticated cyber criminals to find a way through," Eric O'Neill, former FBI operative and strategist for cybersecurity specialty firm NeXasure, told AFP.

Ch.Campbell--AT