One month following the commencement of his second term, President Trump’s strategies aimed at downsizing the government through extensive layoffs, terminations, and withholding funds designated by Congress have thrown federal cybersecurity and consumer protection initiatives into turmoil. Concurrently, agencies are grappling with a persistent endeavor by the world’s wealthiest individual to seize control over their networks and information.

The Trump administration has terminated a minimum of 130 workers at the federal government’s leading cybersecurity agency — the Cybersecurity and Infrastructure Security Agency (CISA). Those layoffs reportedly involved CISA personnel focused on securing U.S. elections and combating misinformation along with foreign influence operations.

Earlier this week, technicians from Elon Musk’s Department of Government Efficiency (DOGE) arrived at CISA and acquired access to the agency’s email and network files. The DOGE employees include Edward “Big Balls” Coristine, a 19-year-old previous inhabitant of the “Com,” a collection of Discord and Telegram chat rooms that serve as a kind of decentralized cybercriminal social network.

Investigative journalist Jacob Silverman notes that Coristine is the grandson of Valery Martynov, a KGB double agent who worked as a spy for the United States. Silverman recounted how Martynov’s spouse Natalya Martynova migrated to the United States with her two children following her husband’s passing.

“Her son became a police officer in Virginia and occasionally shares comments on blogs concerning his historically notable father,” Silverman penned. “Her daughter became a finance professional and wed Charles Coristine, the owner of LesserEvil, a snack enterprise. Among their offspring is a 19-year-old young man named Edward Coristine, who currently holds an unspecified amount of power and authority over the mechanics of our federal government.”

Another DOGE member is Christopher Stanley, a former senior director for security engineering at X and principal security engineer at Musk’s SpaceX. Stanley, aged 33, experienced notoriety on Twitter in 2015 when he exposed the user database for the DDoS-for-hire service LizardStresser, soon facing threats of physical harm against his family.

My 2015 report on that leak did not mention Stanley by name, but he revealed his identity as the source by uploading a video about it on his YouTube channel. An examination of domain names registered by Stanley indicates he operated under the alias “enKrypt” and previously owned a pirated software and hacking forum named error33[.]net, as well as theC0re, a gaming cheating community.

“A NATIONAL CYBERATTACK”

DOGE has been consistently gaining sensitive network access to federal agencies that maintain an overwhelming quantity of personal and financial data on Americans, such as the Social Security Administration (SSA), the Department of Homeland Security, the Office of Personnel Management (OPM), and the Treasury Department.

Recently, DOGE has sought extensive access to systems at the Internal Revenue Service that house the personal tax details of millions of Americans, including individual earnings, debts, property details, and even child custody arrangement particulars. The New York Times reported on Friday that the IRS had come to an agreement whereby a sole DOGE employee — 25-year-old Gavin Kliger — will be permitted to view only anonymized taxpayer data.

The rapid pace at which DOGE has rifled through one federal database after another in pursuit of uncovering “massive fraud” by governmental agencies has raised concern among numerous security experts, who cautioned that DOGE’s actions have circumvented crucial safeguards and protective measures.

“The most disturbing aspect isn’t merely the access being granted,” noted Bruce Schneier and Davi Ottenheimer, characterizing DOGE as a national cyberattack. “It’s the systematic dismantling of security measures designed to detect and prevent misuse—including standard incident response protocols, auditing, and change-tracking mechanisms—by eliminating the career officials responsible for those security measures and substituting them with inexperienced operators.”

Jacob Williams, a former hacker with the U.S. National Security Agency who now serves as managing director of the cybersecurity firm Hunter Labs, stirred considerable attention last week when he stated on LinkedIn that the network breaches by DOGE posed “a greater risk to U.S. federal government information systems than China.”

Williams expressed that although he does not believe anyone at DOGE would deliberately jeopardize the integrity and availability of these systems, it’s widely acknowledged (and not contested) that DOGE integrated code alterations into multiple federal IT systems. He argued that these code modifications are not adhering to the conventional process for reviewing and vetting federal government IT systems.

“For those thinking ‘I’m glad they aren’t adhering to the usual federal government IT processes, which are overly burdensome,’ I understand your perspective,” Williams wrote. “However, another term for ‘red tape’ is ‘controls.’ If you’re comfortable circumventing controls to promote your agenda, I have concerns—primarily about whether you conduct yourselves in this manner during your work hours as well. Please tag your employer when commenting that ‘controls aren’t important’ (particularly if you are employed in cybersecurity). All jokes aside, if you feel at ease disregarding controls for convenience, I urge you to define the boundary that you won’t breach in that respect.”

The DOGE website’s “wall of receipts” boasts that Musk and his team have saved the federal government over $55 billion via staff reductions, lease terminations, and canceled contracts. However, a group of reporters at The New York Times found that the calculations supporting those figures are riddled with accounting errors, flawed assumptions, outdated information, and other inaccuracies.

For instance, DOGE asserted it saved $8 billion on one contract, whereas the actual total was merely $8 million, according to The Times.

“Some

APPOINTMENTS

Trump’s attempts to seize control of federal agencies through their data have resulted in the removal of longstanding civil servants who denied DOGE access to agency networks. CNN reports that Michelle King, serving as the acting commissioner of the Social Security Administration for over 30 years, was dismissed after she refused DOGE access to confidential information.

King has been succeeded by Leland Dudek, who previously held the position of senior advisor in the SSA’s Office of Program Integrity. This week, Dudek shared a now-deleted post on LinkedIn revealing he had been assigned administrative leave for collaborating with DOGE.

“I admit,” Dudek stated. “I pressured agency leaders, disseminated executive contact details, and bypassed the organizational hierarchy to link DOGE with the individuals who facilitate operations. I confess. I inquired about the facts within our agreements to ensure we could make the correct difficult decisions.”

According to Wired, the National Institute of Standards and Technology (NIST) was also preparing for approximately 500 employees to be laid off this week, which could significantly affect NIST’s cybersecurity standards and software vulnerability assessment efforts.

“Additionally, reductions last week at the US Digital Service included the cybersecurity leader for the central Veterans Affairs portal, VA.gov, which could potentially leave VA systems and data more susceptible without someone in that role,” Wired’s Andy Greenberg and Lily Hay Newman reported.

NextGov informs that Trump has appointed a new chief information security officer for the Department of Defense: Katie Arrington, a former South Carolina state legislator who previously directed Pentagon cybersecurity contracting policy before being placed on leave amid allegations that she disclosed classified information from a military intelligence office.

NextGov highlights that the National Security Agency suspended her clearance in 2021, although the exact motives behind the suspension and her subsequent leave remain classified. Arrington contended that the suspension was a politically driven attempt to silence her.

Trump also designated the former chief operating officer of the Republican National Committee as the new director of the Office of National Cyber Director. Sean Cairncross, who lacks formal expertise in technology or security, will be tasked with coordinating national cybersecurity policy, advising the president on cyber threats, and ensuring a cohesive federal reaction to emerging cyber risks, according to Politico reports.

DarkReading reports that Cairncross will share duties in advising the president on cyber issues alongside the director of cyber at the White House National Security Council (NSC)—a group that advises the president on all security matters, not limited to cyber concerns.

CONSUMER PROTECTION?

The president has also instructed personnel at the Consumer Financial Protection Bureau (CFPB) to halt the majority of its activities. Established by Congress in 2011 to serve as a hub for consumer grievances, the CFPB has initiated legal action against several of the largest financial institutions in the U.S. for breaching consumer protection statutes.

The CFPB claims its actions have returned nearly $18 billion to American consumers in the form of financial reparation or wiped debts, as well as enforcing $4 billion in civil monetary penalties against wrongdoers. The CFPB’s website has displayed a “404: Page not found” error for several weeks.

Trump has appointed Russell Vought, the mastermind behind the conservative policy strategy Project 2025, as the acting director of the CFPB. Vought has overtly advocated for the dismantling of the agency, a sentiment shared by Elon Musk, whose plans to transform X into a payment platform would otherwise face oversight from the CFPB.

The New York Times recently unveiled an informative graphic detailing all changes in government staffing, including the dismissals of multiple senior officials, impacting agencies currently under federal investigation or embroiled in regulatory disputes with Musk’s enterprises. Democrats on the House Judiciary Committee have also released a detailed account (PDF) of Musk’s numerous conflicts of interest.

As the Times indicates, Musk and his enterprises have consistently failed to adhere to federal reporting requirements intended to safeguard state secrets, prompting at least three federal evaluations. These include an investigation initiated last year by the Defense Department’s Office of Inspector General. Within four days of assuming office, Trump dismissed the DoD inspector general along with 17 other inspectors general.

Furthermore, the Trump administration has realigned the enforcement priorities of the U.S. Securities and Exchange Commission (SEC) away from prosecuting misconduct in the cryptocurrency industry, reallocating attorneys and renaming theunit to emphasize more on “cyber and advanced technologies.”

Reuters reports that the prior SEC chairman Gary Gensler prioritized combating misconduct in an industry he referred to as the “wild west,” focusing on not just cryptocurrency scammers but also major companies that enable trading like Coinbase.

On Friday, Coinbase announced that the SEC intended to dismiss its lawsuit against the crypto exchange. Also on Friday, the cryptocurrency platform Bybit declared on X that a cybersecurity incident resulted in the loss of over $1.4 billion in cryptocurrencies — marking it as the largest crypto theft in history.

ORGANIZED CRIME AND CORRUPTION

On Feb. 10, Trump directed agencies in the executive branch to cease enforcement of the U.S. Foreign Corrupt Practices Act, which halted foreign bribery investigations and even permitted “remedial actions” for prior enforcement actions considered “unjust.”

Trump’s decree also dismantled the Kleptocracy Asset Recovery Initiative and KleptoCapture Task Force — units that demonstrated their importance in corruption cases and in seizing assets from sanctioned Russian oligarchs — reallocating resources away from probing white-collar crime.

This information comes from the independent Organized Crime and Corruption Reporting Project (OCCRP), an investigative journalism organization that was until recently partially funded by the U.S. Agency for International Development (USAID).

The OCCRP suffered a loss of nearly one-third of its budget and had to lay off 43 journalists and staff members after Trump decided to eliminate USAID and freeze its finances. NBC News reports that the Trump administration intends to significantly reduce the agency, retaining fewer than 300 employees from the current 8,000 direct hires and contractors.

This week, the Global Investigative Journalism Network noted that the abrupt suspension of USAID foreign assistance funding has frozen around $268 million in confirmed grants for independent media and the unrestricted flow of information across more than 30 nations, including several under authoritarian governance.

Elon Musk has labeled USAID “a criminal organization” without substantiation and has circulated fringe theories on his social media platform X asserting that the agency operated unchecked and was filled with fraud. Just months prior to the election, USAID’s Office of Inspector General declared an investigation into USAID’s oversight of Starlink satellite terminals supplied to the Ukrainian government.

KrebsOnSecurity relayed this week that a reliable source revealed that all outgoing emails from USAID now include a notation of “sensitive but unclassified,” a categorization that specialists suggest could complicate journalists’ and others’ efforts to access USAID email records under the Freedom of Information Act (FOIA). On Feb. 20, Fedscoop also reported receiving the same information from various sources, highlighting that the added note is not visible to senders until after the email has been dispatched.

FIVE BULLETS

On Feb. 18, Trump issued an executive order stipulating that only the U.S. attorney general and the president can offer definitive interpretations of the law for the executive branch, and this authority extends to independent bodies operating within the executive branch.

Trump posits that Article II, Clause 1 of the Constitution grants this power to the president. However, jurist.org points out that Article II does not explicitly designate the president or anyone else in the executive branch with the authority to interpret laws.

“The article stipulates that the president is obligated to ‘ensure that the laws be faithfully executed,’” Juris observed. “The jurisdiction to interpret laws and assess constitutionality resides with the judicial branch under Article III. The framers of the Constitution established the separation of powers to prevent any single branch of government from gaining excessive power.”

The executive order mandates that all agencies adhere to “performance standards and management objectives” set forth by the White House Office of Management and Budget, and report periodically to the president.

Those performance evaluations are already being solicited: Employees at various federal agencies reported receiving an email on Saturday from the Office of Personnel Management instructing them to respond with a list of bullet points outlining their accomplishments over the past week.

“Please respond to this email with approximately 5 bullet points detailing what you achieved last week and cc your supervisor,” the communication stated. “Please refrain from sending any classified information, links, or attachments. Deadline is this Monday at 11:59 p.m. EST.”

In a social media update on Saturday, Musk stated that the instruction was issued at the request of President Trump, and that non-compliance would be interpreted as a resignation. Meanwhile, Bloomberg reports that the Department of Justice has been encouraging employees to refrain from responding out of concern that it could result in ethical breaches. The National Treasury Employees Union is also warning its members not to reply.

A legal dispute over Trump’s most recent executive order is expected to arise.over 70 additional lawsuits presently in progress to obstruct the administration’s attempts to significantly diminish the federal workforce via layoffs, dismissals, and attrition.

KING TRUMP?

On February 15, the president shared on social media, “He who protects his Country does not breach any Law,” referencing a quote frequently linked to the French dictator Napoleon Bonaparte. Just four days later, Trump dubbed himself “the king” on social media, while the White House casually shared an image of him adorned with a crown.

Trump has been openly contemplating running for an unconstitutional third term, a proclamation some of his followers brush off as Trump merely attempting to provoke his liberal adversaries. However, shortly after Trump commenced his second term, Rep. Andy Ogles (R-Tenn.) presented a proposal to revise the Constitution so that Trump — along with any future president — could be elected for a third term.

This week at the Conservative Political Action Conference (CPAC), Rep. Ogles allegedly spearheaded a faction of Trump supporters labeled the “Third Term Project,” which aims to garner backing for the proposal from GOP legislators. The event showcased artwork of Trump portrayed as Caesar.

Russia remains among the leading global exporters of cybercrime, narcotics, money laundering, human trafficking, disinformation, warfare, and death, yet the Trump administration has unexpectedly shifted from the Western consensus in normalizing ties with Moscow.

This week President Trump astonished U.S. allies by reiterating Kremlin narratives that Ukraine bears some responsibility for Russia’s aggression, and that Ukrainian President Volodymyr Zelensky is a “dictator.” The president propagated these falsehoods even as his administration insists that Zelensky provide the United States with half of his nation’s mineral wealth in exchange for a commitment that Russia will halt its territorial encroachments.

President Trump’s subservience to a genuine dictator — Russian President Vladimir Putin — does not bode well for initiatives aimed at enhancing the cybersecurity of U.S. federal IT networks, nor for the private sector infrastructures heavily depended upon by the government. Additionally, the administration’s perplexing maneuvers to distance, provoke, and marginalize our closest allies could complicate the United States’ ability to secure their continued cooperation in cybercrime investigations.

It’s also alarming how closely DOGE’s strategy thus far mirrors tactics usually employed by ransomware collectives: A team of twenty-somethings with monikers like “Big Balls” arrives on a weekend, gains entry to your servers, destroys data, locks out essential staff, takes your website offline, and obstructs your ability to serve clients.

When the federal executive begins mimicking ransomware playbooks against its own agencies while Congress largely watches in either astonishment or amusement, we’ve reached a critical juncture. At least in theory, one can negotiate with ransomware operators.