The Department of Government Efficiency ( DOGE ), President Donald Trump’s special commission tasked with cutting federal spending, continues to stifle administration and administration. According to reports, its teams are entering national firms with a nearly unabated authority to revolution the federal government in accordance with current executive orders.
As a 30-year security veteran, I find the actions of DOGE so much concerning. Given its wide mandate across the government, relatively minimal supervision, and the obvious lack of functional competence of its employees, DOGE has the potential to create conditions conducive to cybersecurity or data privacy incidents that affect the entire country.
The purpose of security has always been to safeguard the security and integrity of knowledge and information systems while assisting in making those techniques available to those who need them. However, in its first few weeks of operation, reports suggest that DOGE’s employees appears to be disobeying those principles, potentially making the federal government more susceptible to cyberattacks.
Technical ability
Cybersecurity and data systems, like any other business function, rely on employees trained especially for their jobs. Technology professionals require a foundation collection of credentialed education, training, and expertise to ensure that the most skilled people are on the job, just as you wouldn’t let someone who only had first aid knowledge open heart surgery.
Currently, the general public, federal agencies and Congress have little idea who is tinkering with the government’s critical systems. DOGE’s hiring process, including how it screens applicants for technical, operational or cybersecurity competency, as well as experience in government, is opaque. Additionally, the acting U.S. attorney in Washington has intimidated journalists looking into the backgrounds of DOGE employees.
DOGE has who are either recently graduated from college or are still in college or have little to no government experience, but who reportedly have strong technical skills. Some people, however, have questioned their backgrounds for such delicate work. Additionally, a prominent DOGE employee at the Treasury Department has due to a number of racist social media posts.
According to reports, these DOGE staffers have been granted administrator-level technical access to a variety of federal systems. These include systems that process all , including those for Social Security, Medicare, and the government’s and its contracting operations, which have been congressionally approved funds.
According to reports, DOGE operatives are quickly creating and deploying significant software changes to extremely complex, outdated systems and databases. However, given the rapid pace of change, it’s likely that there is little formal planning or quality control involved to prevent such changes from destroying the system. These actions go against cybersecurity best practices and best practices for technology management.
In consequence, it’s unlikely to be known whether these changes make government systems more unstable and vulnerable, whether sensitive data can be , or whether DOGE’s work makes government systems more unstable and vulnerable.
If you don’t know what you’re doing in IT, really bad things can happen. The healthcare industry’s is a notable example. gov website in 2013. As the country heads toward yet another and citizens seek out their Social Security benefits, that’s fairly important to keep in mind as the Treasury Department’s systems work.
A federal judge ruled on February 6, 2025, that DOGE staff had only read-only access to the Treasury Department’s payment systems, but legal disputes arose regarding their legal access to the government IT systems.
DOGE email servers
Some of DOGE’s first actions show that it lacks cybersecurity expertise. Without adhering to tried-tested best practices for cybersecurity and IT administration, DOGE installed its own email servers across the federal government to facilitate direct communication with rank-and-file employees outside of official channels. Federal employees are suing to allege that these systems didn’t go through the security check mandated by the federal cybersecurity laws.
The federal government has a set procedure for setting up and deploying new systems to make sure they are stable, secure, and least likely to lead to cybersecurity issues. But DOGE ignored those practices, with predictable results.
One of these servers, for instance, allowed a journalist to to his newsletter to more than 13, 000 National Oceanic and Atmospheric Administration employees. Another example is how someone could easily manipulate a worker’s responses to DOGE’s Fork in the Road to federal employees using malicious intent. A straightforward social engineering could wrongly put an employee at risk of losing their employment. Additionally, DOGE employees reportedly connect their own untrusted devices to government networks, which could open up new avenues for cybercriminals to hack sensitive systems.
DOGE, however, appears to be adopting innovative cybersecurity strategies to protect itself. It is reorganizing its internal communications to avoid Freedom of Information Act requests for information, and it is using cybersecurity methods to track insider threats to of its information.
Lacking management controls
But it’s not just technical security that DOGE is ignoring. A DOGE team’s access to sensitive financial and personnel systems was thwarted on February 2 by two security officials for the U.S. Agency for International Development until their identities and clearances were verified, in accordance with federal requirements. Instead, the officials were threatened with arrest and placed on administrative leave, and DOGE’s team gained access.
Additionally, the Trump administration has reclassified federal chief information officers, who are typically senior career employees with years of specialized knowledge, to general employees who are subject to dismissal for political reasons. Therefore, the federal government may be experiencing a brain drain of IT talent, as well as a steady turnover of both senior IT leadership and other technical experts. This change almost certainly will have an impact on cybersecurity.
DOGE employees now have to the database of millions of federal employees, including those with security clearances holding sensitive positions, from the Office of Personnel Management. Without oversight, this access opens up the possibilities of privacy violations, tampering with employment records, intimidation or political retribution.
To ensure accountability for cybersecurity and , management must have support from all levels of management. This is particularly crucial in the public sector, where oversight and accountability are essential components of and national security. After all, if people don’t know what you’re doing, they don’t know what you’re doing wrong.
DOGE appears to be operating with very little oversight right now if anyone willing or able to hold it accountable for its actions.
Mitigating the damage
Federal employees in their careers who are attempting to comply with legal or cybersecurity standards for federal systems and data are now in a difficult position. They either capitulate to DOGE staffers ‘ instructions, thereby abandoning best practices and ignoring federal standards, or resist them and run the risk of being .
The federal government’s vast collections of data touch every citizen and company. People can still take steps to protect themselves from the negative effects of DOGE’s activities, even though government systems may no longer be as trustworthy as they once were. In order to conduct business on federal websites, you should in case your government data is disclosed.
It’s crucial for the administration, Congress, and the general public to acknowledge the cybersecurity risks DOGE’s activities pose and take action to bring the organization under a reasonable level of control and control.