DOGE as a National Cyberattack

Within a matter of weeks, the US government has faced what could be the most significant cybersecurity incident in its history—not via an intricate cyber assault or an instance of international espionage, but rather through formal directives from a wealthy individual with an indistinct governmental role. The ramifications for national security are substantial.

Initially, it was revealed that individuals linked to the freshly established Department of Government Efficiency (DOGE) had gained entry to the US Treasury computer network, enabling them to gather data and potentially influence the department’s approximately $5.45 trillion in annual federal disbursements.

Subsequently, we uncovered that unvetted DOGE staff had accessed classified information from the US Agency for International Development, potentially duplicating it onto their own systems. Following that, the Office of Personnel Management—which possesses detailed personal information on millions of federal workers, including those holding security clearances—was breached. Next, records from Medicaid and Medicare were also compromised.

Simultaneously, only partially redacted identities of CIA staff were transmitted via an unclassified email account. It has been reported that DOGE personnel are inputting Education Department data into AI software, and they have additionally started collaborating with the Department of Energy.

This narrative is developing rapidly. On Feb. 8, a federal judge prohibited the DOGE team from further accessing the Treasury Department systems. However, since DOGE employees have already duplicated data and possibly installed and altered software, it remains uncertain how this resolution will address the issue.

Regardless, unauthorized access to additional vital government systems is likely to persist unless federal personnel uphold the protocols designed to safeguard national security.

The systems that DOGE is interfering with are not merely obscure aspects of our nation’s framework—they are the vital components of government.

For instance, the Treasury Department systems house the technical blueprints detailing how the federal government manages monetary transactions, while the Office of Personnel Management (OPM) network includes information on which people and organizations are employed or contracted by the government.

The uniqueness of this occurrence lies not only in its magnitude but also in the nature of the assault. Foreign adversaries typically invest years trying to infiltrate government systems such as these, employing stealth to remain unnoticed while meticulously concealing any signs of their presence. The Chinese government’s 2015 breach of OPM represented a notable failure in US security and highlighted how personnel data can identify intelligence officers and endanger national security.

In this scenario, outside parties with limited expertise and scant supervision are operating openly under intense public scrutiny: acquiring the highest levels of administrative access and modifying some of the United States’ most sensitive networks, potentially creating new security vulnerabilities along the way.

However, the most disturbing element isn’t just the access granted. It’s the methodical breakdown of security protocols designed to detect and prevent misuse—such as standard incident response procedures, auditing, and change tracking mechanisms—by ousting the career professionals responsible for those security measures and substituting them with inexperienced operators.

The Treasury’s computer systems have such a vital impact on national security that they were devised with the same guiding principle as nuclear launch protocols: No single individual should wield unrestricted power. Just as the launch of a nuclear missile necessitates two separate officers turning their keys simultaneously, alterations to critical financial systems traditionally require multiple authorized personnel acting in unison.

This principle, known as “separation of duties,” isn’t just bureaucratic formality; it’s a fundamental security cornerstone as old as banking itself. When your local bank processes a significant transfer, it mandates two different employees to confirm the transaction. When a corporation issues a substantial financial report, distinct teams are required to review and approve it. These are not merely formalities—they are essential defenses against corruption and errors. These protocols have been circumvented or disregarded. It’s akin to someone discovering how to rob Fort Knox by simply declaring that the new official policy permits firing all the guards and allowing unsupervised access to the vault.

The ramifications for national security are astounding. Sen. Ron Wyden mentioned that his office had been informed that the attackers obtained privileges permitting them to modify core programs within Treasury Department computers that verify federal payments, access encrypted keys safeguarding financial transactions, and alter audit records documenting system changes. Over at OPM, reports suggest that individuals associated with DOGE connected an unauthorized server to the network. They are also reportedly training AI software on all this sensitive information.

This situation is far more critical than the initial unauthorized access. These new servers possess unknown capabilities and configurations, and there’s no indication that this new code has undergone any stringent security testing protocols. The AIs being trained are certainly not secure enough for this kind of information. All present ideal targets for any adversary, whether foreign or domestic, seeking access to federal data.

There’s a reason why every modification—hardware or software—to these networks undergoes a complicated planning phase and passes through advanced access-control systems. The dilemma for national security is that these networks have become significantly more susceptible to perilous intrusions, coinciding with the fact that the legitimate system operators trained to safeguard them have been locked out.

By altering essential systems, the intruders have not only jeopardized ongoing operations but also left behind weaknesses that could be capitalized on in future breaches—providing adversaries like Russia and China an unprecedented chance. These nations have long sought to infiltrate these networks. Their objective extends beyond mere intelligence gathering; they also wish to comprehend how to disrupt these systems during a crisis.

Now, the technical specifics regarding the functioning of these networks, their security standards, and their vulnerabilities are potentially accessible to unknown entities without the usual protective measures. Instead of having to breach heavily secured digital barriers, these entities can merely stroll through entrances that are left ajar—and subsequently erase traces of their actions.

The security ramifications cover three crucial domains.

First, system manipulation: External agents can now modify operations while simultaneously altering audit logs that would track their modifications. Second, data exposure: Beyond accessing private data and transaction histories, these agents can replicate entire system frameworks and security setups—in one instance, the technical blueprint for the nation’s federal payment system. Third, and most importantly, is the matter of system control: These agents can modify core systems and authentication protocols while disabling the very mechanisms intended to detect such alterations. This goes beyond merely modifying operations; it involves altering the underlying infrastructure that supports those operations.
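As an added illustration, not part of the original article, the following Python sketch models the two controls the text relies on: a change to a payment rule must be proposed by one operator and approved by a different one (separation of duties), and every step is written to a hash-chained audit log so that a later edit to a log entry is detectable. Operator names, change ids and events are constructed for the example.

```python
import hashlib
import json


class AuditLog:
    """Append-only log where each entry commits to the previous entry's hash."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = json.dumps(event, sort_keys=True)  # canonical encoding of the event
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"event": event, "prev": prev, "hash": digest})
        return digest

    def verify(self) -> bool:
        """Recompute the chain; any edited, removed or reordered entry breaks it."""
        prev = self.GENESIS
        for e in self.entries:
            body = json.dumps(e["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != expected:
                return False
            prev = e["hash"]
        return True


class ChangeControl:
    """Two-person rule: the approver must differ from the proposer."""

    def __init__(self, log: AuditLog):
        self.log = log
        self.pending = {}  # change_id -> proposer

    def propose(self, change_id: str, operator: str, description: str) -> None:
        self.pending[change_id] = operator
        self.log.append({"type": "propose", "id": change_id, "by": operator,
                         "desc": description})

    def approve(self, change_id: str, operator: str) -> bool:
        proposer = self.pending.get(change_id)
        if proposer is None or proposer == operator:  # unknown change or self-approval
            self.log.append({"type": "reject", "id": change_id, "by": operator})
            return False
        self.log.append({"type": "apply", "id": change_id, "by": operator})
        del self.pending[change_id]
        return True
```

A hash chain alone only proves tampering if the latest hash is anchored somewhere the system operators cannot rewrite (write-once storage or a separate custodian); an operator who controls both the systems and the log can simply re-chain it, which is exactly the failure the text describes.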

To mitigate these vulnerabilities, three urgent actions are necessary. First, unauthorized access must be revoked and proper authentication protocols reinstated. Next, thorough system monitoring and change management need to be restored—which, given the challenge of sanitizing a compromised network, may necessitate a total system reset. Finally, exhaustive audits must be carried out of all system modifications made during this timeframe.

This transcends politics—this is a critical matter of national security. Foreign intelligence agencies will be quick to exploit both the turmoil and the emerging vulnerabilities to seize US data and establish backdoors for future entry.

Each day of continued unrestricted access complicates eventual recovery and heightens the risk of irreversible harm to these vital networks. While the complete impact may take time to evaluate, these actions represent the bare minimum needed to initiate the restoration of system integrity and security measures.

Assuming that anyone in the government still prioritizes this issue.

This article was composed with Davi Ottenheimer, and initially appeared in Foreign Policy.

