The DOGE Effect on Cybersecurity: Efficiency vs. Risk

The cybersecurity landscape is undergoing a significant shift, with government efficiency initiatives sending ripples through federal agencies and beyond. The latest episode of CISO Insights, "The DOGE-Effect on Cyber: What's happened and what's next?" drew record attendance, reflecting concern about the impact of DOGE among members of the cybersecurity community.

The webinar explored this question and whether the pursuit of government efficiency is undermining cybersecurity or it is necessary for the right-sizing of bloated bureaucracies. The webinar featured guest expert panelists Michael McLaughlin, co-leader of the cybersecurity and data privacy practice group at Buchanan, Ingersoll and Rooney, and Richard Stiennon, chief research analyst at IT-Harvest, along with other seasoned cybersecurity professionals.

The DOGE Effect: What is it?

The DOGE effect refers to cost-cutting and efficiency-driven initiatives at the federal level, spearheaded by the Trump Administration's Department of Government Efficiency (DOGE), and similar actions taken by state and local governments. These initiatives can involve staff reductions, restructuring of agencies and a push for greater efficiency in government operations.

The DOGE effect is already being felt across various sectors. Several states have implemented their own versions of the DOGE initiative. For example, Florida Governor Ron DeSantis established the Florida DOGE task force. While these initiatives share a focus on cost reduction and streamlining operations, it's important to note that they are not limited to any single political party. Blue states like New York and Hawaii have also pursued similar paths.

Concerns about the DOGE Effect

The webinar panelists presented differing perspectives on the DOGE effect's implications for cybersecurity. CISO Earl Duby expressed a degree of cautious optimism, suggesting that it's too early to definitively judge the long-term effect. He argued that government agencies often undergo rapid expansion to address emerging challenges, which can lead to inefficiencies and overlaps in responsibilities.

However, Stiennon voiced strong concerns about the potential risks associated with the DOGE effect. He argued that it has led to questionable practices, such as hiring individuals without proper background checks and granting them excessive access to sensitive systems. Stiennon cautioned that these actions could have severe long-term consequences for cybersecurity.

Efficiency vs. Security: Finding the Balance

McLaughlin offered a nuanced perspective, acknowledging both potential benefits and drawbacks of the DOGE effect. He pointed to the potential for CISA to refocus on its core mission of cybersecurity reporting and coordination, reducing the overlap and confusion caused by other agencies' involvement.

Additionally, he suggested that pushing resources down to the state level could be beneficial, bringing resources closer to where they are needed most. Drawing on his experience as CISO for the state of Colorado, McLaughlin highlighted the importance of having local expertise and understanding the unique cybersecurity challenges faced by each jurisdiction.

Panelists' Key Concerns

The panelists acknowledged the potential for loss of institutional knowledge due to staff cuts, the debate around the strategic versus arbitrary nature of the cuts and the fact that federal cybersecurity efforts don't always directly affect the private sector's security. Stiennon also highlighted the importance of international cooperation in combating cybercrime, particularly the need for diplomatic efforts to engage Russia in addressing ransomware.

Finally, the panelists briefly compared accountability differences between private sector CEOs and public sector agency heads. While the pursuit of efficiency is a legitimate goal, it must be balanced against the need to maintain robust cybersecurity defenses, seemed to be the consensus that came from this webinar.

The Way Forward

As McLaughlin emphasized, the private sector has a crucial role to play in safeguarding its own systems, regardless of government actions. "The soft underbelly is and has always been the private sector, and that's what is targeted 99% of the time," he said.

Duby called for a measured approach and a willingness to allow the process to unfold. Still, cybersecurity professionals must remain vigilant, advocate for evidence-based policies and adapt to the evolving landscape.

Conclusion

The DOGE effect on cybersecurity is a complex issue that requires careful consideration of both efficiency and security concerns. As the government continues to implement cost-cutting measures, it's essential that cybersecurity professionals prioritize robust defenses and advocate for evidence-based policies that protect national security interests.