CISA Accused of Wasting Federal Funds in Scathing OIG Report

Summary
– A DHS Inspector General report found CISA wasted taxpayer money and endangered its mission through mismanagement of its Cyber Incentive program.
– The program intended to retain cybersecurity staff was marred by widespread waste, fraud, and abuse, including payments to 240 non-cyber support employees.
– CISA failed to maintain proper records while paying over $138 million to more than 40% of staff over four years, with individual payments ranging from $21,000-$25,000 annually.
– The agency violated federal rules and its own policies, most notably by paying $1.4 million in unallowable back pay to 348 recipients without explanation.
– The OIG made eight recommendations to reform the program, all of which CISA has concurred with, including limiting eligibility and improving tracking and oversight.
A blistering new report from the Department of Homeland Security’s Office of Inspector General reveals that the Cybersecurity and Infrastructure Security Agency (CISA) has mismanaged a key employee retention program, resulting in significant misuse of federal funds and potential harm to national cybersecurity readiness. The findings stem from a 2023 hotline complaint that triggered a formal audit of CISA’s Cyber Incentive initiative, originally designed to retain mission-critical cybersecurity staff who might otherwise depart for private sector roles.
Instead of targeting only high-value cyber personnel, the program suffered from what investigators termed “widespread waste, fraud and abuse.” Auditors discovered that 240 employees in non-cyber support roles improperly received incentive payments, potentially demoralizing the very specialists the program was meant to reward. These payments, ranging from $21,000 to $25,000 per person annually, were distributed to over 40% of CISA’s staff, totaling more than $138 million across a four-year period starting in 2020.
The Inspector General’s office emphasized that CISA failed to use taxpayer dollars “efficiently and effectively,” noting a severe lack of oversight. The agency’s chief human capital officer did not maintain records of recipients or payments, and in one particularly troubling finding, $1.4 million in “unallowable” back pay was issued to 348 individuals between 2022 and 2024 without justification.
In response to these critical failures, the OIG issued eight formal recommendations aimed at overhauling the program. These include restricting incentives to truly eligible personnel, developing clear and consistent policy guidance, implementing reliable tracking mechanisms, and transferring management to a separate office. CISA has agreed to adopt all recommended changes, though the report warns that continued mismanagement could lead to talent attrition and heightened vulnerability to cyber threats.
Additional corrective measures call for updated policies on back pay and eligibility, a thorough analysis to resolve improper payments, and a determination on whether funds should be recovered from employees who received them in error. The OIG also stressed the need for periodic reviews to ensure the program aligns with its original intent and complies with DHS regulations.
(Source: InfoSecurity Magazine)





