- CISA mismanaged more than $138 million in cybersecurity retention funds, granting incentives to unqualified or unrelated staff
- The agency lacked monitoring, documentation and appropriate compliance, undermining its ability to retain critical cybersecurity talent
- DHS OIG recommended eight corrective actions; seven have been implemented, with one unresolved concerning the recovery of inappropriate payments
The US Cybersecurity and Infrastructure Security Agency (CISA) has mismanaged funds and failed to supervise and document various financial incentives, risking its ability to keep top cybersecurity talent.
This is the conclusion of the “incentive program for the retention of CISA cybersecurity and wasted funds, risking critical retention of talents”, a new report published by the DHS Office of Inspector General (OIG).
CISA is a US government agency responsible for protecting critical infrastructure and directing federal cybersecurity efforts, and apparently it has been doing a poor job of late.
Missing
In the report, the OIG criticized the agency for mismanagement and non-compliance, claiming that it failed to properly design, implement and manage its cybersecurity retention incentive program.
Consequently, its use of more than $138 million in federal funds, which it received between 2020 and 2024, was largely ineffective. Among other things, the OIG said that the agency had paid incentives to employees who did not meet the critical or high quality criteria.
In fact, some beneficiaries held administrative roles unrelated to cybersecurity, and 348 people received $1.41 million in payments without calculation.
The OIG also said that CISA lacked oversight and documentation, claiming that its Office of the Chief Human Capital Officer had not maintained accurate records of beneficiaries or payments, and had expanded the eligibility conditions without appropriate procedures. DHS oversight was also insufficient, the report added.
All of this meant that CISA put the retention of cybersecurity talent at risk. The OIG argued that the diluted incentive program undermined morale among qualified cybersecurity professionals and endangered CISA’s ability to keep critical talent.
“If the CISA continues to offer cyber incentives to a large swath of its workforce, bypassing the intention of the program, it risks attrition and increased vulnerability to cyber threats as well as spending money unnecessarily,” warned the OIG.
Finally, the OIG recommended eight steps to improve the integrity of the program and, according to the document, CISA agreed with all eight of them. Seven already seem to be implemented, while the eighth, which concerns the recovery of inappropriate payments made to ineligible employees, is currently unresolved.
Via Cyberness