Three days after the attack, the government website DOGE.gov is still showing signs of being hacked. Cybersecurity experts say that the lax approach to data protection could be a violation of federal cybersecurity standards. Last week, DOGE.gov, owned by the Department of Government Efficiency, headed by Elon Musk, was the target of a massive cyberattack.
The hackers accessed the database through public resources and left messages mocking the site’s security (as of February 18, Reddit experts were still finding pages with traces of the hack). The site violated the Federal Information Security Modernization Act (FISMA) and other regulations, and is hosted on the unsecured Cloudflare Pages platform without adhering to the security standards stipulated by FISMA and FedRAMP, which require federal agencies to provide minimum security standards even for unclassified data.
For contractors, this means using accredited platforms with the appropriate permission to process data. However, DOGE.gov likely does not meet these requirements. Security experts believe that the data and reputation of government services are at risk because the ministry ignores generally accepted cybersecurity rules. Even private contractors working with the public sector are required to undergo thorough audits and adhere to high standards. The DOGE.gov incident illustrates the risks associated with ignoring cybersecurity requirements.
90 
87 
634 