News Daily


Men's Weekly

Australia

  • Written by The Conversation

A few weeks ago, word started to come out that the newly minted United States Department of Government Efficiency (DOGE) had acquired unprecedented access to multiple US government computer systems.

DOGE employees – tech billionaire Elon Musk and his affiliates – have been granted access to sensitive personal and financial data, as well as other data critical for national security. This has created a national and international outcry, and serious concerns have been raised about data security, privacy and potential influence.

A group of 14 state attorneys-general attempted to have DOGE’s access to certain federal systems restricted, but a judge has denied the request.

Questions of trust

What are the deeper reasons behind this outcry? After all, Musk is far from the first businessman to gain political power.

There is, of course, US President Donald Trump himself, alongside many more on both sides of politics. Most of them kept running their businesses at arm’s length and went back to them after a stint in Washington.

So why are so many people alarmed now, but not before? The key word here is trust. Surveys suggest many people don’t trust Musk with this kind of access.

Does that mean we trusted the others? The foundation of modern cyber security is not to trust anything or anybody in the first place.

So while a lack of trust in Musk is one reason for disquiet, another is a lack of trust in the current state of cyber security in US government systems and procedures. And for good reason.

An insider threat

The situation in the US raises the spectre of what cyber experts call an “insider threat”. These concern cyber security incidents caused by people who have authorised access to systems and data.

Cyber security relies on controlling the so-called “CIA triad” of confidentiality, integrity and availability. Insider threats can compromise all three.

Authentication and subsequent authorisation of access has traditionally been an important measure to prevent cyber incidents from occurring. But apparently, that is not sufficient any more.

Perhaps the most famous insider incident in history is Edward Snowden’s leak of classified documents from the US National Security Agency in 2013. Australia too has had its share of insider breaches – the 2000 Maroochy Shire attack is still a textbook example.

Musk and his DOGE colleagues have now become insiders.

How to reduce the risk of insider threat

There are plenty of strategies organisations can follow to reduce the risk of insider threats:

  • more rigorous vetting of employees

  • giving users only the bare minimum access and privileges they need

  • continuously auditing who has access to what, and restricting access immediately when needed

  • authenticating and authorising users every time they access a different system or file (this is part of what is called a “zero trust architecture”)

  • monitoring for unusual behaviour regarding insiders accessing systems and files

  • developing and nurturing a cyber-aware culture in the organisation.

In government systems, the public should be able to trust these procedures are being rigorously applied. However, when it comes to Musk and DOGE, it seems they are not. And that’s where the core of the problem lies.

Clearances and a lack of care

DOGE employees without security clearance reportedly have access to classified systems which would normally be considered quite sensitive.

However, even security clearances offer no iron-clad guarantees.

Security clearances assume someone can be trusted based on their past. But past performance can never guarantee the future.

Photo of protesters, one holding a placard reading 'GET YOUR PAWS OFF OUR DATA DOGE'.
Not all Americans are happy with DOGE access to government computer systems. John G. Mabanglo/EPA

In the US, obtaining and holding a security clearance has become a status symbol. A clearance may also be a golden ticket to high-paying jobs and power, and hence subject to politics rather than independent judgement.

And it seems little care has been taken to keep users’ access and privileges to a minimum.

You might think DOGE’s employees, tasked with seeking out inefficiency, would only need read-only access to the US government IT systems. However, at least one of them temporarily had “write” access to the systems of the treasury, according to reports, enabling him to alter code controlling trillions in federal spending.

It all comes down to trust

Even if all possible access control and vetting procedures are in place and working perfectly, there will always be the problem of how to declassify information.

Or to put it another way: how do you make somebody forget everything they knew when their clearance or access is revoked or downgraded?

What Musk has seen, he can never unsee. And there is only so much that can be done to prevent this knowledge from leaking.

Even if all procedures to protect against insider threats are followed perfectly (and they aren’t), nothing is 100% secure.

We would still need a certain level of public trust that the obtained data and information would be dealt with responsibly. Has trust in Musk and his affiliates reached that level?

According to recent polling, public opinion is still divided.

Read more https://theconversation.com/insider-threat-cyber-security-experts-on-giving-elon-musk-and-doge-the-keys-to-us-government-it-systems-250046

How to Bulletproof Your Contracts Against Disputes

In the business world, contracts are the backbone of transactions, partnerships and collaborations. Yet even well-meaning agreements can lead to disputes if they’re not carefully drafted by business contract lawyers. To avoid costly legal battles and protect your interests, it's... Read more

Top 5 Providers of SEO Focused Guest Posts in Florida You Can Trust

Many companies today aim to increase their online presence, which is a good use for guest blogging. In guest blogging, you compose content for the benefit of other websites that link back to yours. This promotes your business and increases... Read more

The Role of Litigation Lawyers in Brisbane

Litigation lawyers in Brisbane play a crucial role in the legal landscape, ensuring justice is accessible and efficiently administered for the clients they represent. They have expertise in handling disputes that may result in court proceedings, with their work encompassing... Read more

Edge Computing: Revolutionising Connectivity in the Digital Age

Edge computing is rapidly transforming how organisations process and manage data, bringing computational power closer to where it's most needed. In an increasingly connected world, Microsoft Azure services are at the forefront of this technological revolution, enabling businesses to leverage... Read more

What You Need to Know About Towing a Caravan

Towing a caravan can be an exciting way to explore Australia's vast landscapes, but it also comes with its own set of challenges. Whether you’ve just purchased a new caravan or are browsing caravans for sale, understanding the ins and... Read more

How to curb short-sightedness in kids

Kids should play outside more to reduce the risk of short-sightedness and potential adult blindnessWe are in the grips of a ‘myopia epidemic’: more than 20 per cent of Australians have myopia or short-sightedness, tipped to rise to 50 per... Read more