Elon Musk striking the same contemplative pose in twelve colorized panels, evoking irony and media spectacle.” width=”970″ height=”638″ data-caption=’Elon Musk, rendered in a Warhol-esque grid of performative genius, now presides over a shadow agency accused of letting Russian actors into federal systems. The performance continues—even as the fire spreads. <span class=”lazyload media-credit”>Getty Images</span>’>
Last week, this column warned that President Donald Trump is playing politics with American cybersecurity as our adversaries prepare for war, while a possible “Cyber Pearl Harbor” looms. This week, things have only gotten worse.
The cybersecurity world was stunned by Tuesday’s revelation that the administration plans to immediately cease federal funding for the Common Vulnerabilities and Exposures Program, which since 1999 has served as a public clearinghouse for identified information security vulnerabilities and exposures. For a quarter-century, the CVE Program had been funded by the federal government, for most of that time via the Department of Homeland Security, and hosted by the MITRE Corporation, a federally-funded research and development center (that is, a think-tank bankrolled by the feds).
Since the CVE Program isn’t involved in any politics and was considered wholly uncontroversial in the cybersecurity world, news of its abrupt cancellation left many experts aghast. Why did the Trump administration seek to kill such a linchpin of global cybersecurity, which provides the public with critical data and services for digital defense and research? One Washington, DC, cyber-guru with long experience in the industry, whom I’ve known for years, termed the move “incomprehensible” and “almost impossible to explain outside sheer stupidity.”
Outrage over the cancellation of the CVE Program, for no apparent reason and without White House explanation, mounted fast. Another needless public relations debacle wasn’t what Team Trump needed, and it was rescued by the rapid action taken by the Cybersecurity and Infrastructure Security Agency. CISA offered the CVE Program a lifeline with a contract extension and incremental funding to keep it alive, but only for 11 months. This is a temporary fix, a jury-rigged cyber band-aid—not a bona fide solution.
Besides, the Trump administration has its knives out for CISA too, with reported plans to terminate one-third of its workforce. The administration’s animus towards CISA, and American cybersecurity generally, was made plain by the president’s announcement last week that he’s pulling the security clearances of Chris Krebs, Trump’s own choice to head CISA in his first term, due to Krebs’ insufficient fealty to Trump and the MAGA cause. Trump publicly denounced Krebs as “a traitor” while placing him under Justice Department investigation.
Krebs is a widely respected figure in the cyber world, and his targeting by the White House sent a chill throughout the community. Now, his career has fallen apart. Pulling the security clearances of Krebs and those associated with him effectively killed his private cybersecurity firm, SentinelOne. Krebs has just stepped aside to save the firm, announcing that he will fight the Trump administration, a struggle that “ will require my complete focus and energy. It’s a fight for democracy, for freedom of speech, and for the rule of law. I’m prepared to give it everything I’ve got.”
Why the Trump administration is choosing to accelerate its war against American cybersecurity, without any detectable concern for its national security ramifications, is a question nobody outside the White House can truly answer yet. Dark thoughts have entered the conversation thanks to claims made by a whistleblower this week regarding alleged cyber malfeasance by employees of Elon Musk’s Department of Government Efficiency. According to the complaint, which was addressed to the leadership of the Senate Intelligence Committee, the whistleblower is Daniel Berulis, an IT staffer at the National Labor Relations Board.
Berulis asserts that DOGE staffers assigned to the NLRB, ostensibly to assess its effectiveness, engaged in suspicious and possibly illegal activities, based upon their unusually broad access to NLRB’s IT systems, including seeing sensitive case files. Berulis claims that he detected DOGE’s removal of some 10 gigabytes worth of data from NLRB’s network, and that his efforts to alert CISA about this unusual activity were thwarted by his superiors.
Most seriously, during an appearance this week on CNN, Bertulis, with his attorney, amplified his accusations. In particular, his attorney claimed that DOGE was letting Russians into NLRB systems by giving them “usernames and passwords. Within 15 minutes of those accounts being created, somebody or something from Russia tried to log in with the right username and right passwords—that is to say, the right credentials. And that happened over 20 times.”
That claim, if true, is astonishing and raises grave counterintelligence concerns about DOGE and its true agenda. Since Musk has hired dubious characters to staff DOGE, including known hackers and associates of cyber criminals, none of whom have received standard federal security vetting, many unsettling scenarios are possible.
It’s no surprise that DOGE, with its cavalier attitude towards basic security procedures, was recently denounced as an unprecedented “counterintelligence nightmare” by Michelle Van Cleave, the former boss of U.S. counterintelligence. Revealingly, Van Cleave, who was appointed by President George W. Bush and is no left-winger, left open the possibility that Musk may be secretly serving America’s enemies as DOGE tears apart the federal government. It doesn’t reassure that Russian President Vladimir Putin just hailed Musk as a heroic figure while comparing him to pioneering Soviet cosmonauts of the 1960s.
Perhaps it’s no wonder that President Trump doesn’t fully trust his First Buddy, either. Last month, Trump cancelled Musk’s involvement in a Top-Secret Pentagon briefing on U.S. war plans against China since the president assessed that the DOGE head “has a lot of business in China and he has good relations there, and this briefing just wasn’t the right thing.”
If Elon Musk isn’t trustworthy enough to be briefed on Top-Secret information, why has he been empowered to reshape the federal government without any effective oversight?
John R. Schindler served with the National Security Agency as a senior intelligence analyst and counterintelligence officer
