Trump’s Procurement Tracking Directive Could Expose Vast Government Data to Threats

U.S. President Donald Trump ordered federal agencies to build new technology systems capable of tracking and justifying every single procurement across the government, the world’s largest buyer of goods. If it’s built, such a system could expose vast troves of sensitive data to hacking and foreign manipulation.
Trump signed an executive order Wednesday evening directing agencies to work with his Department of Government Efficiency to build such a system, mandating that it also include a justification for each payment. The system should have a mechanism for the agency head “to pause and rapidly review any payment.”
When agencies are forced to abruptly innovate without time to develop robust security architectures and conduct rigorous testing, they create an open invitation for attackers, former federal officials and public-sector cybersecurity experts told Information Security Media Group. That exact risk was what led to the creation of the U.S. Digital Service under the Obama administration – before it was rebranded last month as DOGE, largely driven by Trump and his mercurial multi-billionaire adviser, Elon Musk (see: Elon Musk’s Federal Worker Email Sparks ‘Security Nightmare’).
“The rush to build complex systems on the fly is a sure-fire recipe for disaster,” said Terry Dunlap, senior vice president at NetRise and a former global network vulnerability analyst at the National Security Agency. “Expect insecure code, unchecked vulnerabilities, and supply chain pitfalls that could easily let malicious actors slip in undetected.”
Centralizing vast amounts of financial data would also create a high-value target – “a proverbial bullseye on the back of a government agency,” Dunlap said. Hackers, nation states or even rogue insiders could exploit such a repository to wreak havoc on economic stability, compromise sensitive intelligence or even disrupt national infrastructure, he warned.
“In short, it’s a cybersecurity dumpster fire waiting to happen,” he said.
Many of DOGE’s cost-cutting and workforce-shrinking initiatives have stirred controversy, from its demand that civil servants email their often confidential work week accomplishments to cuts at the Cybersecurity and Infrastructure Security Agency (see: CISA Cuts Expose US Critical Infrastructure to New Threats).
House Republicans on Wednesday blocked a Democratic effort to probe DOGE’s access to sensitive federal networks and the impact its cost-cutting measures are having on the cyber workforce, arguing that the federal government is “bloated” and that mass government-wide layoffs were necessary to resolve a growing budget deficit.
The U.S. federal government is the most targeted organization in the world by state-sponsored threat actors due to its massive repository of personally identifiable information and sensitive national security data, said Tony Monell, public sector vice president at Black Kite and former senior advisor of cyber policy for the Office of the Secretary of Defense.
“With such a large attack surface of contractors touching USG networks, their cybersecurity vulnerabilities are a means to exploit a centralized system,” Monell told ISMG. Threat actors would be intensely drawn to a centralized repository of contracting data, he said.
DOGE, the White House and the General Services Administration did not immediately respond to requests for comment.