- CISA mismanaged over $138 million in cybersecurity retention funds, allocating incentives to non-qualified or non-related staff
- The agency lacked proper oversight, documentation and compliance, undermining its ability to retain critical cybersecurity talent
- DHS OIG recommended eight corrective actions; seven have been implemented, with the one on recovering incorrect payments still unresolved
The US Cybersecurity and Infrastructure Security Agency (CISA) mismanaged funds and failed to properly oversee and document various financial incentives, which put at risk its ability to retain top cybersecurity talent.
This is the conclusion of “CISA Mismanaged Cybersecurity Retention Incentive Program and Wasted Funds, Risking Critical Talent Retention”, a new report published by the DHS Office of Inspector General (OIG).
CISA is a US government agency responsible for protecting critical infrastructure and leading federal cybersecurity efforts, and apparently it has done a bad job recently.
Lacking supervision
In the report, the OIG slammed the agency for mismanagement and non-compliance, claiming that the agency failed to properly design, implement and manage its cybersecurity retention incentive program.
As a result, its use of more than $138 million in federal funds, which it received between 2020 and 2024, was largely ineffective. OIG said, among other things, that the agency paid incentives to employees who did not meet mission-critical or high-qualification criteria.
In fact, some recipients had administrative roles not associated with cybersecurity, and 348 people received $1.41 million in unallowable back pay.
OIG also said that CISA lacked oversight and documentation, claiming that its Office of the Chief Human Capital Officer did not maintain accurate records of recipients or payments and expanded the eligibility requirements without proper procedures. DHS’s oversight was also inadequate, it added.
All of these things meant CISA put cybersecurity talent retention at risk. OIG argued that the diluted incentive program undermined morale among qualified cybersecurity professionals and endangered CISA’s ability to retain critical talent.
“If CISA continues to offer the cyber incentive to a broad cross-section of its workforce that bypasses the program’s intention, it risks attrition and increased vulnerability to cyber threats, and spending money unnecessarily,” OIG warned.
Finally, the OIG recommended eight steps to improve the program’s integrity, and according to the document, CISA agreed with all eight of them. Seven appear to have been implemented, while the eighth, which concerns recovering incorrect payments made to ineligible employees, is currently unresolved.
Via Cybernews



