“

The U.S. Cybersecurity & Infrastructure Security Agency has made a grave error in cybersecurity measures resulting in a breach of basic protections. On the agency’s homepage, a message instructed unlawfully fired employees to submit personally identifiable information through a password-protected email. This lapse in security is concerning, especially in a federal agency responsible for protecting critical infrastructure and cybersecurity within the United States.

Reinstatement of Fired CISA Employees

• On March 13, a Maryland district court judge ordered the reinstatement of over 130 probationary CISA employees who were terminated.
• The Trump administration announced their reinstatement but placed them on paid administrative leave.
• Nearly 25,000 fired federal workers are in the process of being rehired.
• The administration is actively trying to reach out to unlawfully terminated employees.

The request from the administration for sensitive information was highly risky as email communication is vulnerable to interception. This request, which instructed employees to include passwords in their messages, essentially defeats the purpose of encryption and poses a significant security risk. Furthermore, antivirus and security scanners may struggle to inspect password-protected files, potentially allowing malware to infiltrate the system through submitted files.

Lack of Basic Security Measures

• The administration’s careless handling of sensitive data mirrors past incidents, such as the CIA’s unencrypted email containing employee information.
• This disregard for cybersecurity basics can have severe consequences, as even small pieces of information can pose risks to national security.
• The termination of probationary federal employees, including those from the NSA, may have detrimental effects on U.S. cybersecurity operations.

The message to fired CISA workers and other concerning actions, such as seeking to replace government networks with unvetted providers like Starlink, highlight the administration’s disregard for fundamental security practices.

Starlink and Government Internet Access

• Instances of the government exploring commercial providers like Starlink raise security concerns due to possible vulnerabilities.
• Some agencies, including the General Services Administration, have adopted Starlink at the request of Musk’s team.
• Installing unvetted internet providers introduces additional security risks and potential attack vectors.

Implications of Unsecured Practices

• The hasty decisions to fire federal workers and adopt unvetted solutions may jeopardize national security.
• The appointment of unqualified individuals to critical positions, like Stanley’s abrupt resignation from the Fannie Mae board, raises questions about oversight and vetting processes.
• The dismantling of institutional structures, including the removal of inspectors general, can lead to increased opportunities for fraud and abuse within the government.

In conclusion, the administration’s actions underscore the importance of upholding basic cybersecurity measures and ensuring proper vetting and oversight in critical government roles. By neglecting these practices, the administration puts national security and sensitive information at risk, highlighting the need for stronger cybersecurity protocols and accountability in government operations.