02-06-2025
DOGE days aren't over
Driving the day
— Elon Musk has officially left the so-called Department of Government Efficiency. But experts warn that the billionaire businessperson could take the trove of data DOGE amassed with him — and that the agency's digging around federal data systems may well carry on.
HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I hope everyone had a nice weekend! I finally tried Honeymoon Chicken, and I'll be adding them to my takeout rotation. Hit me up with restaurant recommendations, gossip or news tips at dnickel@
Follow POLITICO's cybersecurity team on X at @RosiePerper, @johnnysaks130, @delizanickel and @magmill95, or reach out via email or text for tips. You can also follow @POLITICOPro on X.
ICYMI: The Conversation kicked off with Dr. Oz
In the premiere episode of The Conversation, Dasha Burns sat down with Dr. Mehmet Oz — now leading the Centers for Medicare and Medicaid Services — for a candid talk on drug prices, potential Medicaid cuts and why he's getting early morning calls from President Donald Trump. Plus, POLITICO's Jonathan Martin dished on the Ohio governor's race (featuring Elon Musk, Vivek Ramaswamy and former Ohio State football coach Jim Tressel), and Kyle Cheney unpacked Trump's legal battle over 'Liberation Day' tariffs.
Watch the full episode on YouTube. And don't miss a moment — subscribe now on Apple Podcasts or Spotify to get new episodes when they drop.
Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories.
Today's Agenda
The Special Competitive Studies Project holds its AI+ Expo. 9 a.m.
Happening This Week
ON WEDNESDAY — The House Energy and Commerce Communications and Technology Subcommittee holds a hearing on 'AI in the Everyday: Current Applications and Future Frontiers in Communications and Technology.' 10:30 a.m.
The House Intelligence National Security Agency and Cyber Subcommittee holds a closed hearing on the fiscal 2026 budget request for the National Security Agency. 1:30 p.m.
ON THURSDAY — The Senate Homeland Security and Governmental Affairs Committee holds a hearing on the nominations of Sean Cairncross as White House national cyber director and Sean Plankey as director of the Cybersecurity and Infrastructure Security Agency. 9:30 a.m.
At the Agencies
ELON'S GONE — After a fraught four months at the helm, Elon Musk officially stepped back from his role atop the so-called Department of Government Efficiency last week.
Under his direction, DOGE staffers carried out a slash-and-burn policy across the federal government, including the Education and Defense departments, CISA and the U.S. Census Bureau. Musk's team also accessed vast amounts of sensitive information on millions of Americans through federal agency databases.
'Having personal information about someone confers the government a certain amount of power. Having a lot of personal information about a lot of people confers a lot of power,' said John Davisson, senior counsel and director of litigation at the Electronic Privacy Information Center. 'DOGE has recognized this correctly, and they have acted on that.'
Even as Musk formally steps back, questions remain about the data accessed by his cost-cutting group and where it ended up, as well as how it could benefit him as he returns to the private sector. DOGE has also made clear that its work is far from finished.
— Let's catch up: DOGE has faced a deluge of litigation over its access to federal databases and the lack of transparency surrounding what the team plans to do with all the data.
Experts and lawmakers have also expressed alarm over reports of DOGE staff funneling data out of networks without a clear destination or storage plan could be an easy target for cybercriminals or U.S. adversaries, and emphasized that the agency's reported plans to build a master database of information on immigrants could be a target for cybercriminals.
'It's a pretty fundamental principle of data security that you don't aggregate more data than you need to, don't provide more access than you need to,' Davisson said.
'When you start to create an even bigger honeypot that nation-state hackers will be interested in, the security risk just grows,' he added.
Broad access to sensitive information can also hurt the country's national security efforts, according to Lily Li, a data privacy lawyer and founder of cybersecurity law firm Metaverse Law.
Li pointed to reports of DOGE's access to systems at the Office of Personnel Management, whose network previously fell victim to a massive security breach.
'OPM maintains sensitive information for current and former government personnel, including FBI agents, government officials, active military and veterans,' she told your host. 'This information is not just personally sensitive, but contains information that impacts U.S. national security interests.'
— Back to business: Musk is leaving the federal government to return to his businesses, which have taken a bruising in his absence.
Li told MC that she wouldn't be surprised if he leveraged his DOGE experience, coupled with his access to federal payments data, to boost his business dealings.
'Whether or not he does this with his legally obtained know-how or through more questionable access to U.S. sensitive data remains to be seen,' Li said.
Davisson agreed, adding that the information gleaned from agencies like the Securities and Exchange Commission and the Consumer Financial Protection Bureau could prove useful in the future.
'A lot of that [data] includes commercial, trade secret-protected information on competitors to Elon Musk's businesses,' he said.
— Troubled waters ahead: Experts warn that the DOGE task force will likely continue working to access data across government agencies.
POLITICO reported last week that DOGE staffers have been hired as permanent government employees inside federal agencies.
Elizabeth Laird, director of equity in civic technology for the Center for Democracy and Technology, told your host that although Musk is stepping away from DOGE, 'it does not appear that this administration's bottomless hunger for collecting, accessing and compiling sensitive, individual-level data will be quenched anytime soon.'
Musk seemed to confirm this sentiment. In his exit announcement on X, he wrote that DOGE's 'mission will only strengthen over time as it becomes a way of life throughout the government.'
On The Hill
CYBER ON DECK — The Senate Homeland Security Committee will officially hold nomination hearings for two top cybersecurity positions in the Trump administration this week.
Sean Plankey, President Donald Trump's pick to head CISA, will have his long-awaited confirmation hearing before the panel on Thursday. Plankey, a cyber alum from the first Trump administration, is widely respected in the industry and expected to glide through his nomination.
The hearing will also include Sean Cairncross, who Trump tapped in February for national cyber director. Though Cairncross, a former RNC official, lacks cybersecurity experience, officials have expressed cautious optimism about him in the role.
— Not all smooth sailing ahead: Sen. Ron Wyden (D-Ore.) has pledged to block Plankey's nomination unless CISA releases a 2022 report on security issues within the U.S. telecommunications sector. The Trump administration has not yet released the report, so a confirmation vote on Plankey could still face a fight in the Senate.
The International Scene
'INTENSIFYING' ESPIONAGE — The Netherlands' Defense Minister Ruben Brekelmans is warning that China is stepping up its espionage on Dutch semiconductors, POLITICO's Rory O'Neill reported.
'The semiconductor industry, which we are technologically leading … to get that intellectual property — that's interesting to China,' Brekelmans told Reuters on Saturday on the sidelines of the Shangri-La Dialogue security forum in Singapore.
Dutch intelligence services previously cautioned of Chinese spying on the aerospace, maritime and semiconductor industries. Brekelmans said the threat is 'continuing.'
'In our newest intelligence reports, our intelligence agency said that the biggest cyber threat is coming from China.'
FIRST OF ITS KIND — Australia is making ransomware policy history with a new law requiring victims to declare to the government any extortion payments made on their behalf to hackers.
The law, enacted on Friday, makes Australia the first country to pass such legislation on ransomware payments. It applies to a group of specific organizations within critical infrastructure sectors or entities with an annual turnover of 3 million Australian dollars or more. Under the law, entities will have to report ransomware payments to the Australian Signals Directorate within 72 hours.
— Elsewhere: A similar law was introduced in the U.K. earlier this year in an effort to ban privately owned critical infrastructure entities or public sector organizations — like hospitals or schools — from paying the ransom to cybercriminals.
Vulnerabilities
FIRST IN MC: GOING PHISHING — Hackers are using Glitch, a coding platform for developers to share and remix apps, to create phishing campaigns to target customers at Navy Federal Credit Union, according to a new report from cybersecurity firm Netskope Threat Labs.
The report, out today, found that these attacks have affected more than 830 organizations and over 3,000 users since January. Members of Navy Federal Credit Union were the hackers' primary target.
Researchers found that the hackers abused Glitch's features to host their phishing pages for free across multiple projects. The app's 'remix' feature allows hackers to set up multiple phishing pages within minutes, according to the report.
Quick Bytes
STUDENT DATA — Funding is drying up for a service that alerts schools to cybercrime and offers solutions, reports Jill Barshay for The Hechinger Report.
B.Y.O. AI MODELS — Google quietly released an app that lets users run a variety of openly available AI models locally, reports Kyle Wiggers for TechCrunch.
DATA CENTER PUSHBACK — Some local lawmakers are pushing back against states' efforts to incentivize data center build-outs, writes Marc Levy for The Associated Press.
Chat soon.
Stay in touch with the whole team: Rosie Perper (rperper@ John Sakellariadis (jsakellariadis@ Maggie Miller (mmiller@ and Dana Nickel (dnickel@