1. Forum
  2. FidoNet
  3. CONSPRCY

  • CISA blasted by US watchd

    From Mike Powell@1:2320/105 to All on Tue Sep 16 10:35:13 2025
    CISA blasted by US watchdog for wasting funds and retaining the wrong
    employees

    Date:
    Mon, 15 Sep 2025 19:00:00 +0000

    Description:
    Roughly $183 million was given to CISA in four years to reward the proper employees.

    FULL STORY ======================================================================
    - CISA mismanaged over $138 million in cybersecurity retention funds,
    awarding incentives to unqualified or unrelated personnel
    - The agency lacked proper oversight, documentation, and compliance, undermining its ability to retain critical cybersecurity talent
    - DHS OIG recommended eight corrective actions; seven have been implemented, with one unresolved concerning recovery of improper payments

    The US Cybersecurity and Infrastructure Agency (CISA) mismanaged funds and failed to properly oversee and document various funding incentives, risking
    its ability to retain top cybersecurity talent.

    This is the conclusion of CISA Mismanaged Cybersecurity Retention Incentive Program and Wasted Funds, Risking Critical Talent Retention, a new report published by the DHS Office of Inspector General (OIG).

    CISA is a US government agency responsible for protecting critical infrastructure and leading federal cybersecurity efforts, and apparently -
    its been doing a poor job lately.

    Lacking oversight

    In the report, OIG slammed the agency for mismanagement and noncompliance, claiming the agency failed to properly design, implement, and manage its Cybersecurity Retention Incentive program.

    As a result, its use of more than $138 million in federal funds, which it received between 2020 and 2024, was inefficient, by large. Among other
    things, OIG said the agency paid incentives to employees who did not meet mission-critical, or high-qualification criteria.

    In fact, some recipients held administrative roles unrelated to
    cybersecurity, and 348 individuals received $1.41 million in unallowed back payments.

    OIG also said CISA lacked oversight and documentation, claiming its Office of the Chief Human Capital Officer did not maintain accurate records of
    recipients or payments, and broadened eligibility requirements without proper procedures. DHSs oversight was also insufficient, it was added.

    All these things meant CISA was risking cybersecurity talent retention. OIG argued that the diluted incentive program undermined morale among qualified cybersecurity professionals and jeopardized CISAs ability to retain critical talent.

    If CISA continues to offer the Cyber Incentive to a broad swath of its workforce, circumventing the intent of the program, it risks attrition and increased vulnerability to cyber threats as well as spending money unnecessarily, the OIG warned.

    Finally, the agency recommended eight steps to improve program integrity and, per the document, CISA agreed with all eight of them. Seven already seem to
    be implemented, while the eighth one is currently unresolved, and it revolves around recovering improper payments made to ineligible employees.

    Via Cybernews

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cisa-blasted-by-us-watchdog-for-wasting -funds-and-retaining-the-wrong-employees

    $$
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)