In the Age of the DOGE, security needs to remain impartial.

Cybersecurity Needs to Stay Nonpartisan in the Age of DOGE

Nonpartisanship has also been a key benefit of working in state security, which was formerly known as information security, information assurance, and various names. Over the past three decades working on state, national and even foreign government projects, one key concept that international experts all agreed on has been that “nobody wants to be hacked” — whether you are a Democrat, Republican or independent. However, cybercrime is one of the few areas with bipartisan support.

However, over the past few weeks, there have been numerous media reports that aim to slow down or even shut down the new federal Department of Government Efficiency ( DOGE ) by using cybersecurity and privacy concerns as justifications. My concern is that ancient security expert instincts to prevent professional priorities has now crossed over that political line based upon personal agendas.

Let me be clear that I am not asking whether someone supports or opposes federal government budget cuts before listing some important article examples. I’m not addressing whether one’s political preferences match those of others who are elected, or whose choices are based on organizational charts and appointed positions.

Opinions are all over the map as to whether the U. S. Agency for International Development should cut dollars given to foreign nations, federal , the , the , President Trump is , or a long list of other hot political topics surfacing under Trump 2.0.

The democratically elected leader of our nation and his executive team are making these legal decisions, and courts have allowed DOGE to continue its work.

Consider these headlines:

Forbes:
Elon Musk is the richest man in the world, the richest man in the world, and current head of Tesla, SpaceX, X ( formerly Twitter ), Neuralink, The Boring Company, and xAI, which is” surprising.” The top DOGE employees are reportedly young, tech-savvy “hackers” with unprecedented access to systems that contain everything from personnel records to highly sensitive financial data.

Yahoo:
According to the website of the privacy-focused non-profit,” The Electronic Privacy Information Center ( or EPIC ) filed a lawsuit against the Department of Government Efficiency (or, sigh, DOGE ) on Monday. The Office of Personnel Management and the Treasury Department have been “illegally forced” by DOGE and its leader Elon Musk to release vast amounts of digital information about Americans to “untrained, unauthorized personnel,” according to the lawsuit. The lawsuit calls Musk’s actions ‘ the largest data breach in American history.'”

CNBC TV18: Do you know that Musk’s DOGE team has serious cyber security concerns?
Security experts claim that there has never been such a group of unvetted and inexperienced outsiders gain access to the government’s nerve center. The campaign, led by Musk’s DOGE team, began at the Treasury Department when they took control of the U. S. government’s payment system — a move justified as monitoring public spending. From there, it grew into a previously unheard-of cost-saving initiative, with software engineers taking control of computer systems across federal agencies.

They have disrupted and, in some cases, effectively shuttered organizations like the US Agency for International Development ( USAID), the Department of Education, and the General Services Administration ( GSA ), which oversees a large portion of the government’s infrastructure and building portfolio.

” ‘ In the span of just weeks, the U. S. government has experienced what may be the most consequential security breach in its history,’ wrote Bruce Schneier, a security technologist at the Harvard Kennedy School, and Davi Ottenheimer of Inrupt, a data infrastructure company, in Foreign Policy“.

WHO WAS AUTHORIZED TO ACCESS WHAT FEDERAL SYSTEMS AND DATA?

My opinion is that everyone needs to relax and ascend to the top by overcoming some of these outrageous claims about the largest data breach in history, the largest cybersecurity crisis, and many more. Do these claims hold any water or are they hyperbole?

What did the president say firstly regarding authority and access?

Trump claimed on Monday that he only had access to those who he believes are no good, if we were to agree with him.

” ‘ Elon can’t do and won’t do anything without our approval. And where necessary, we’ll give him the approval, and where necessary, we won’t, according to Trump. We won’t let him approach a conflict or issue where we believe there is. “”

Second, watch this Bloomberg interview with respected , which begins with the DOGE team’s investigation into sensitive payment systems.

Bessent starts by saying:” Thank you for asking about that, because there is a lot of misinformation … These are two Treasury employees … One of whom I personally interviewed … There is no tinkering with the system … They have read-only access … They can make no changes.”

Regarding IRS taxpayer data access:” Thanks again for your question. Over the past four years, there have been many leaks there. … I am concerned about collections, about privacy and that the system is robust.”

I strongly advise viewers to watch the entire interview as well as some of the with Secretary Bessent on the subject.

Third, several allegations have been made that DOGE’s actions violate the Privacy Act of 1974. Wired magazine An example is given below:

The Privacy Act forbids an organization from making any disclosure of a person’s records, even within the organization, unless that person consents in writing or the organization meets one of the law’s 12 exceptions. …

There are also two broad, ambiguous exceptions: Agencies can share records with their own employees who ” for the record in the performance of their duties” or with third parties for” ” ( defined as one that is” compatible with the purpose for which the data ] was collected ).

The validity of that argument depends on how judges decide whether the DOGE personnel who accesses each agency’s data are employees or not, and whether the two exceptions apply to the circumstances in which they access and share the data.

” But he also DOGE staffers were employees of the agencies whose data they were accessing — a crucial question for a Privacy Act case”.

Fourth, Secretary Bessent’s interview makes it abundantly clear that those who are granted access do so in accordance with agency policies and procedures, including that they are departmental employees ( which is crucial to comply with the Privacy Act of 1974 ).

This MSN.com article contains a lot of interesting details that are useful in this situation:

” But the media did not care who had access to that data during the Biden years.

As of September 2023, there were as many as 919 individuals who had access to masked IRS data, according to a from the Treasury Inspector General for Tax Administration.

The unmasked data contains personally identifiable information and “requires executive level approval” to access. Roughly 20 of those individuals were’ researchers and student volunteers.'”

Fifth, according to ‘s article,” a group of 14 state attorneys general attempted to restrict DOGE’s access to some federal systems, but a judge rejected the request.”

What do the piece’s authors, Frank den Hartog and Abu Barkat Ullah, claim is the cause of the controversy surrounding DOGE and government system access and cybersecurity? The answer is trust.

They then go on to discuss ways to lessen the risk of insider trading within your organization and provide additional useful details, but they then succinctly sum up their claims about Elon Musk’s lack of trust.

In a Politico article on September 6th, Politico describes how GOP privacy advocates deny concerns about DOGE data dives:

” Sen. Josh Hawley of Missouri, a frequent critic of Big Tech’s use of Americans ‘ personal data, said Tuesday night that DOGE employees were required to ‘ follow all federal laws related to privacy and so forth’ and he would be’ shocked’ if they were skirting those rules.

Hawley continued,” I assume and expect that they are adhering to whatever the rules are for their level of clearance, level of government employee, and designation,” adding that he did not know the security clearance status of DOGE’s staff. That’s fine as long as they’re sticking to those, so long as they’re adhering to those.

” Sen. Rand Paul of Kentucky, another defender of individual privacy rights and opponent of government surveillance efforts, also appeared like Hawley to be taking the administration at its word that there was nothing out of the ordinary taking place.

I don’t know how this would be any different from someone else looking at government data, Paul said in an interview.” I don’t think anybody who looks at it is bound by rules on privacy. The privacy laws are still in effect. If they’re breaking any rules, they’ll get in trouble, but you have to look at the data to find the problems.’ “”

FINAL THOUGHTS

While some readers may still doubt that these recent claims of cybersecurity and privacy violations at DOGE are political in nature, any remaining doubts that I had were erased on Friday, Feb. 21.

Senate Democrats, who are ineffective in their ability to fight the GOP agenda, used the “vote-a-rama” to compel tough votes in a bid to put Republicans on record over contentious issues, according to CNN. …

” Democratic Sen. Chris Coons called up an amendment aimed at prohibiting DOGE from accessing or misusing private data and information, which was rejected by voice vote”. &nbsp,

Data privacy and cybersecurity were able to stay out of political battles for as long as I have been a leader in government security and technology. Mayors, governors, county executives, department directors and more generally support doing the right things with data and keeping cybersecurity activities out of politics.

I’m sure that the recent events with DOGE won’t alter this historic, nonpartisan agreement about cybersecurity, and that we can even maintain bipartisan support for cyber at all levels of government.

Regardless of who wins the election or who is appointed CEO, there is still time to correct if cybersecurity and technology experts remember the value of “need to know” principles and who authorizes access in your government situation or business.