The DOGE effect on cybersecurity: Efficiency vs. risk
The DOGE effect on security is a complex issue. Pursuit of efficiency might be a legitimate goal, but experts caution it can conflict with cybersecurity defenses.
The cybersecurity landscape is in flux, with government efficiency initiatives sending ripples through federal agencies and beyond. The latest episode of CISO Insights, "The DOGE-effect on Cyber: What's happened and what's next?" drew record attendance, reflecting concern about DOGE among members of the cybersecurity community.
This heightened anxiety was clearly reflected in the webinar's live poll results, in which 61% of cybersecurity professionals expressed worry about the effect of DOGE changes.
What, exactly, is the DOGE effect? The webinar explored this question and whether the pursuit of government efficiency is undermining cybersecurity or is necessary for the right-sizing of bloated bureaucracies.
The webinar featured guest expert panelists Michael McLaughlin, co-leader of the cybersecurity and data privacy practice group at Buchanan, Ingersoll and Rooney, and Richard Stiennon, chief research analyst at IT-Harvest, along with other seasoned cybersecurity professionals.
Understanding the DOGE effect
The DOGE effect refers to cost-cutting and efficiency-driven initiatives at the federal level, spearheaded by the Trump Administration's Department of Government Efficiency (DOGE), and similar actions taken by state and local governments. These initiatives can involve staff reductions, restructuring of agencies and a push for greater efficiency in government operations.
The DOGE effect is already being felt across various sectors. Several states have implemented their own versions of the DOGE initiative. For example, Florida Governor Ron DeSantis established the Florida DOGE task force. While these initiatives share a focus on cost reduction and streamlining operations, it's important to note that they are not limited to any single political party. Blue states like New York and Hawaii have also pursued similar paths.
Moreover, the effect is being felt in the private sector, with consulting firms experiencing layoffs attributed to government cutbacks. For instance, Deloitte announced layoffs of U.S. consultants following a DOGE initiative to cut government contracts. These developments have raised alarms among cybersecurity experts, as highlighted in a Time Magazine article that warned about the potential risks to national security.
Conflicting perspectives on DOGE
The webinar panelists presented differing perspectives on the DOGE effect's implications for cybersecurity. CISO Earl Duby expressed a degree of cautious optimism, suggesting that it's too early to definitively judge the long-term effect. He argued that government agencies often undergo rapid expansion to address emerging challenges, which can lead to inefficiencies and overlaps in responsibilities. In his view, the current initiatives might be a necessary correction to streamline operations and clarify roles.
"To me, this is just almost like a natural reaction to the fact that you scaled up a lot of organizations quickly, maybe didn't have a defined 'rules of engagement' of what each group was doing, and now you see some overlap and you see some opportunities where you can streamline these things," Duby said.
However, Stiennon voiced strong concerns about the potential risks associated with the DOGE effect. He argued that it has led to questionable practices, such as hiring individuals without proper background checks and granting them excessive access to sensitive systems. Stiennon cautioned that these actions could have severe long-term consequences for cybersecurity.
"You can't take somebody off the street whose job was literally to hack, who is a hacker, and give them a different job," Stiennon said. "What's to stop them from doing that?"
The discussion also included a debate about terminology, specifically the use of the term DOGE hackers. McLaughlin emphasized the importance of using accurate language to avoid politicizing the issue, while Stiennon defended his choice of words based on the individuals' past activities.
Efficiency vs. security: Finding the balance
McLaughlin offered a nuanced perspective, acknowledging both potential benefits and drawbacks of the DOGE effect. He pointed to the potential for CISA to refocus on its core mission of cybersecurity reporting and coordination, reducing the overlap and confusion caused by other agencies' involvement. Additionally, he suggested that pushing resources down to the state level could be beneficial, bringing resources closer to where they are needed most.
Drawing on his experience as CISO for the state of Michigan, Dan Lohrmann provided a real-world example of how efficiency measures can have positive outcomes. He described how a centralized model in Michigan led to a clearer mission, reduced turf battles, and ultimately, a highly effective cybersecurity team.
However, Stiennon countered that the federal DOGE initiative lacks the careful, considered approach seen in Michigan. He expressed concern about the potential for arbitrary and damaging cuts, driven by ideological agendas rather than a genuine desire for improvement.
"Never in the state of Michigan did an outside billionaire come in and be asked to appoint people to come in and cut your employees in every department without asking your permission, without going through a process, without evaluating those employees...."
Key concerns and the way forward
The panelists acknowledged the potential for loss of institutional knowledge due to staff cuts, the debate around the strategic versus arbitrary nature of the cuts and the fact that federal cybersecurity efforts don't always directly affect the private sector's security. Stiennon also highlighted the importance of international cooperation in combating cybercrime, particularly the need for diplomatic efforts to engage Russia in addressing ransomware. Finally, the panelists briefly compared accountability differences between private sector CEOs and public sector agency heads.
Conclusion: A need for balance
The consensus that seemed to emerge from this webinar was that, while the pursuit of efficiency is a legitimate goal, it must be balanced against the need to maintain robust cybersecurity defenses.
As McLaughlin emphasized, the private sector has a crucial role to play in safeguarding its own systems, regardless of government actions.
"The soft underbelly is and has always been the private sector, and that's what is targeted 99% of the time," he said. "The private sector needs to recognize that we have certain responsibilities … to make sure you're safeguarding your systems."
Duby called for a measured approach and a willingness to allow the process to unfold. Still, cybersecurity professionals must remain vigilant, advocate for evidence-based policies and adapt to the evolving landscape. The remaining months of 2025 will be critical in determining the long-term consequences of DOGE's actions, and security must remain a priority throughout this period of change.
Editor's note: Editor Ana Salom-Boira created this article. She used an AI tool to aid with the preparation for creating this article.
Ana Salom-Boira is an editorial manager within Informa TechTarget's Editorial Summits team. She also produces and hosts the podcast series Tech Beyond the Hype, which explores how emerging technologies and the latest business trends are shaping the future of work.