- CISA mismanaged more than $138 million in cybersecurity retention funds, granting incentives to unqualified or unrelated personnel
- The agency lacked adequate supervision, documentation and compliance, undermining its ability to retain critical cybersecurity talent
- DHS OIG recommended eight corrective actions; seven have been implemented, with one unresolved concerning the recovery of inappropriate payments
The US Cybersecurity and Infrastructure Security Agency (CISA) poorly managed funds and did not oversee several funding incentives, risking its ability to retain top cybersecurity talent.
This is the conclusion of “CISA Mismanaged Cybersecurity Retention Incentives Program, Risking the Critical Retention of Talent”, a new report published by the DHS Office of Inspector General (OIG).
CISA is a United States government agency responsible for protecting critical infrastructure and leading federal cybersecurity efforts, and apparently, it has been doing a poor job lately.
Lack of supervision
In the report, the OIG criticized the agency for poor management and noncompliance, saying that the agency failed to adequately design, implement and manage its cybersecurity retention incentive program.
As a result, its use of more than $138 million in federal funds, which it received between 2020 and 2024, was by and large inefficient. Among other things, the OIG said the agency paid incentives to employees who did not meet the mission-critical or high-qualification criteria.
In fact, some recipients had administrative roles not related to cybersecurity, and 348 individuals received $1.41 million in back payments without passing.
The OIG also said that CISA lacked supervision and documentation, saying that its Office of the Director of Human Capital did not keep precise records of recipients or payments, and that eligibility requirements were extended without adequate procedures. DHS supervision was also insufficient, it added.
All of this meant that CISA was risking the retention of cyber talent. The OIG argued that the diluted incentive program undermined morale among qualified cybersecurity professionals and endangered CISA’s ability to retain critical talent.
“If CISA continues to offer cybernetic incentives to a wide strip of its workforce, avoiding the intention of the program, it runs the risk of wear and greater vulnerability to cyber threats, as well as spending money unnecessarily,” warned the OIG.
Finally, the OIG recommended eight steps to improve the integrity of the program and, according to the document, CISA agreed with all eight. Seven already appear to be implemented, while the eighth is currently unresolved; it concerns the recovery of inappropriate payments made to ineligible employees.
Via Cybernews