Subj : CISA blasted by US watchd
To   : All
From : Mike Powell
Date : Tue Sep 16 2025 10:35 am

CISA blasted by US watchdog for wasting funds and retaining the wrong
employees

Date:
Mon, 15 Sep 2025 19:00:00 +0000

Description:
CISA spent roughly $138 million over four years on incentives meant to
retain the right employees, and much of it went to the wrong ones.

FULL STORY
======================================================================
- CISA mismanaged over $138 million in cybersecurity retention funds,
awarding incentives to unqualified or unrelated personnel
- The agency lacked proper oversight, documentation, and compliance,
undermining its ability to retain critical cybersecurity talent
- DHS OIG recommended eight corrective actions; seven have been implemented,
with one unresolved concerning recovery of improper payments

The US Cybersecurity and Infrastructure Security Agency (CISA) mismanaged
funds and failed to properly oversee and document its retention incentives,
risking its ability to keep top cybersecurity talent.

This is the conclusion of "CISA Mismanaged Cybersecurity Retention Incentive
Program and Wasted Funds, Risking Critical Talent Retention", a new report
published by the DHS Office of Inspector General (OIG).

CISA is the US government agency responsible for protecting critical
infrastructure and leading federal cybersecurity efforts, and, apparently,
it has been doing a poor job of managing its own workforce lately.

Lacking oversight

In the report, OIG slammed the agency for mismanagement and noncompliance,
claiming the agency failed to properly design, implement, and manage its
Cybersecurity Retention Incentive program.

As a result, its use of more than $138 million in federal funds, received
between 2020 and 2024, was largely inefficient. Among other things, OIG said
the agency paid incentives to employees who did not meet the program's
criteria of holding a mission-critical, highly qualified cybersecurity role.

In fact, some recipients held administrative roles unrelated to
cybersecurity, and 348 individuals received $1.41 million in unallowed back
payments.

OIG also said CISA lacked oversight and documentation: its Office of the
Chief Human Capital Officer did not maintain accurate records of recipients
or payments, and broadened eligibility requirements without following proper
procedures. DHS's own oversight of the program was also found to be
insufficient.

All of this meant CISA was putting cybersecurity talent retention at risk.
OIG argued that the diluted incentive program undermined morale among the
qualified cybersecurity professionals it was meant to reward and jeopardized
CISA's ability to retain critical talent.

If CISA continues to offer the Cyber Incentive to a broad swath of its
workforce, circumventing the intent of the program, it risks attrition and
increased vulnerability to cyber threats as well as spending money
unnecessarily, the OIG warned.

Finally, OIG made eight recommendations to improve program integrity and,
per the report, CISA agreed with all eight. Seven are already reported as
implemented, while the eighth, which concerns recovering improper payments
made to ineligible employees, remains unresolved.

Via Cybernews

======================================================================
Link to news story:
https://www.techradar.com/pro/security/cisa-blasted-by-us-watchdog-for-wasting-funds-and-retaining-the-wrong-employees

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)