DOGE’s Data Grab: Security Experts Alarmed Over Musk-Led Government Overhaul

Elon Musk and his Department of Government Efficiency (DOGE) have gained access to sensitive US government data, aiming to streamline operations but raising major cybersecurity concerns. DOGE has reportedly tapped into Treasury Department systems, classified USAID data, and Office of Personnel Management (OPM) files, which include security clearances for millions of federal employees. According to Reuters, DOGE has even blocked key officials from accessing OPM systems, while The New York Times reports that partially redacted CIA personnel names were sent through an unclassified email.

Furthermore, Forbes revealed that DOGE is feeding data from the Departments of Education and Energy into an AI model, with unclear security measures in place. Plans are also in motion for GSAi, an AI chatbot intended to manage the General Services Administration.

Cybersecurity Experts Sound the Alarm

Cybersecurity professionals, including Stewart Baker, Evan Dornbush, and Willy Leichter, have voiced serious concerns over DOGE’s actions.

Is DOGE’s Access a Security Risk?

• Baker: Musk’s "move fast and break things" approach could undermine cybersecurity, as security protocols exist to counter active threats. Cutting corners may not show immediate consequences, but could cause long-term damage.
• Dornbush: Securing government data takes years, with strict access controls and monitoring. DOGE's lack of transparency in securing data is deeply concerning.
• Leichter: DOGE’s disregard for security protocols is unprecedented. If similar actions occurred in the private sector, it would lead to massive fines and potential criminal liability.

What Specific Actions of DOGE Are Most Concerning?

• Exposure of CIA names: Even if partially redacted, adversaries could reconstruct identities, compromising intelligence personnel.
• Forced access to classified systems: DOGE bypassed security controls, removed officials trying to enforce them, and exceeded necessary access levels.
• Lack of qualified personnel: Unvetted DOGE members with questionable backgrounds now handle highly sensitive government data.

What Needs to Be Done to Secure the Data?

• Baker: DOGE must acknowledge its responsibility for securing data and allow independent audits.
• Dornbush: The safest option is for DOGE to work within existing secure environments rather than removing data from protected networks.
• Leichter: Access must be revoked, data destroyed, and trained cybersecurity professionals reinstated—though such measures seem unlikely under the current administration.

DOGE’s Information Security Strategy: A Black Box

Experts agree that DOGE has not outlined a clear security strategy, nor has it addressed concerns transparently.

• Baker: Still waiting on any official security commitments from DOGE.
• Dornbush: Would like to see a publicly outlined security strategy—right now, none exists.
• Leichter: DOGE appears focused on dismantling government functions rather than securing them. The real question is how quickly judicial intervention can step in, if at all.

As cyber threats from nation-state actors intensify, the haphazard handling of sensitive government data could have far-reaching consequences. The question now is how much damage will be done before accountability kicks in.