From workforce losses to spyware attacks, federal cybersecurity faces a stress test
As federal cyber defenses face mounting strain, a reporter close to the issue sees worrying signals: shrinking agency workforces, dismantled intelligence hubs and adversaries using advanced spyware against U.S. operations.
In a new episode of the Cyber Focus podcast, Federal News Network’s Justin Doubleday joined host Frank Cilluffo to connect the dots between his recent reporting and the broader challenges facing government cybersecurity.
Workforce turbulence at CISA
Doubleday pointed first to the exodus at the Cybersecurity and Infrastructure Security Agency (CISA). He noted that the full scope of the cuts is still unfolding.
“A lot of [the departed federal cyber workers are] on the books until October 1, and so we’re kind of waiting to see exactly how many folks left and where the dust kind of settles as we get into the fall,” Doubleday said.
That attrition, combined with probationary firings under DHS’ Cybersecurity Talent Management System, has cast doubt on a program meant to attract and retain top talent. “The probationary firings certainly cast a little bit of a negative light on the idea of joining the Cyber Talent Management System, because … you could be fired with a snap of a finger,” Doubleday explained.
ODNI cuts and the loss of CTIIC
The Office of the Director of National Intelligence is also undergoing deep budget reductions, including shutting down its Cyber Threat Intelligence Integration Center (CTIIC). That move, Doubleday warned, could set back efforts to coordinate threat analysis across the intelligence community.
“I think there’s concern that [with ODNI shutting down CTIIC] you’re now going to go back to a situation where you have disparate views kind of bubbling up from across the intelligence community and you don’t have that single source of truth at the top that’s helping to sort things out for leaders,” he said.
Cartels and commercial spyware
Perhaps the most startling story Doubleday recounted was a case in Mexico in which El Chapo’s cartel used spyware and hacked into city surveillance cameras to track the movements of an FBI legal attaché. The breach endangered U.S. sources and underscored how easily commercial tools can be weaponized.
“Commercial spyware is much more easily accessible for a range of groups and individuals. And it’s almost impossible to detect when spyware has gotten onto a phone of an individual, even for a cyber expert,” Doubleday said.
Policy lag and delayed implementation
Reflecting on the spyware threat, Doubleday acknowledged a familiar pattern: “It seems as if we’re always a little bit behind the eight ball.” Cilluffo added that too often the U.S. lets adversaries shape its response, with major events driving action only after the fact – a dynamic he called understandable but ultimately unacceptable.
The Department of Defense’s long-delayed Cybersecurity Maturity Model Certification (CMMC) rules and Treasury’s “Do Not Pay” database are other cases in point. Both were designed years ago to shore up security and trust in government programs, yet only now are they being fully enforced. For Doubleday, their slow rollout is another reminder of how federal cyber policy often trails the threats it’s meant to address. “As it goes with technology and cybersecurity, things are often nice to have until they’re necessary,” he said.
You can watch the full episode and subscribe to Cyber Focus here.