TZUTC: -0500
MSGID: 1502.consprcy@1:2320/105 2d2ebf8f
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
CISA blasted by US watchdog for wasting funds and retaining the wrong
employees

Date:
Mon, 15 Sep 2025 19:00:00 +0000

Description:
Roughly $183 million was given to CISA in four years to reward the proper
employees.

FULL STORY
======================================================================
 - CISA mismanaged over $138 million in cybersecurity retention funds,
awarding incentives to unqualified or unrelated personnel
 - The agency lacked proper oversight, documentation, and compliance,
undermining its ability to retain critical cybersecurity talent
 - DHS OIG recommended eight corrective actions; seven have been implemented,
with one unresolved concerning recovery of improper payments

The US Cybersecurity and Infrastructure Agency (CISA) mismanaged funds and
failed to properly oversee and document various funding incentives, risking
its ability to retain top cybersecurity talent. 

This is the conclusion of CISA Mismanaged Cybersecurity Retention Incentive
Program and Wasted Funds, Risking Critical Talent Retention, a new report
published by the DHS Office of Inspector General (OIG). 

CISA is a US government agency responsible for protecting critical
infrastructure and leading federal cybersecurity efforts, and apparently - 
its been doing a poor job lately.

Lacking oversight 

In the report, OIG slammed the agency for mismanagement and noncompliance,
claiming the agency failed to properly design, implement, and manage its
Cybersecurity Retention Incentive program. 

As a result, its use of more than $138 million in federal funds, which it
received between 2020 and 2024, was inefficient, by large. Among other 
things, OIG said the agency paid incentives to employees who did not meet
mission-critical, or high-qualification criteria. 

In fact, some recipients held administrative roles unrelated to 
cybersecurity, and 348 individuals received $1.41 million in unallowed back
payments. 

OIG also said CISA lacked oversight and documentation, claiming its Office of
the Chief Human Capital Officer did not maintain accurate records of
recipients or payments, and broadened eligibility requirements without proper
procedures. DHSs oversight was also insufficient, it was added. 

All these things meant CISA was risking cybersecurity talent retention. OIG
argued that the diluted incentive program undermined morale among qualified
cybersecurity professionals and jeopardized CISAs ability to retain critical
talent. 

If CISA continues to offer the Cyber Incentive to a broad swath of its
workforce, circumventing the intent of the program, it risks attrition and
increased vulnerability to cyber threats as well as spending money
unnecessarily, the OIG warned. 

Finally, the agency recommended eight steps to improve program integrity and,
per the document, CISA agreed with all eight of them. Seven already seem to 
be implemented, while the eighth one is currently unresolved, and it revolves
around recovering improper payments made to ineligible employees. 

 Via Cybernews

======================================================================
Link to news story:
https://www.techradar.com/pro/security/cisa-blasted-by-us-watchdog-for-wasting
-funds-and-retaining-the-wrong-employees

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426