Op-Ed: Laurie Buckhout: It might be counterintuitive, but cybersecurity could be a target of DOGE
It might seem counterintuitive to put cybersecurity at the top of the to-do list of an organization designed to cut government, but there is plenty of waste to be found, Laurie Buckhout writes.
Over the past several months it has been revealed just how deeply the People’s Republic of China (PRC) has penetrated America’s critical infrastructure networks.
In the still-unfolding “Salt Typhoon” campaign, hackers breached our nation’s leading telecommunication networks. For months, perhaps years, they remained — watching, listening, and storing the texts, emails, documents, and conversations of an untold number of Americans.
What’s more, we know this persistent surveillance was done on top national security officials, diplomats, and even the incoming President and Vice President. When briefed on the matter, incoming Secretary of State Marco Rubio called the hack “the most disturbing and widespread incursion into our telecommunications systems in the history of the world.”
Soon after this was revealed, we also learned of the PRC’s malicious intrusion into the unclassified communications withing the Department of the Treasury and its Committee on Foreign Investment in the United States (CFIUS).
CFIUS, the government agency tasked with reviewing the foreign investments and real estate transactions in U.S. that might pose a national security risk, is the federal implement to prevent the purchase of land near military bases, for instance. And, appearing on 60 Minutes this week, FBI Director Christopher Wray revealed that the PRC has also penetrated other critical infrastructure across the country, including our water systems and power generation facilities.
Given the harmful and persistent nature of these threats, the federal government, in partnership with the private sector, must do more to assure our cyber defenses. This should be should be one of the first targets for President Donald Trump’s Department of Government Efficiency (DOGE) — led by Elon Musk and Vivek Ramaswamy. It might seem counterintuitive to put cybersecurity at the top of the to-do list of an organization designed to cut government, but there is plenty of waste to be found.
For decades, in an effort to shore up our defenses, lawmakers and regulators at every level of government have developed a progressively duplicative and complex thatch of rules, the weight of which now creates drag on our businesses, security, and economy. This approach is not creating better outcomes and, perhaps worse, we’re all paying for it in one way or another.
It is a tale as old as government itself, with every hack or breach the natural response from the bureaucratic state is to increase reporting requirements and compliance costs on private sector entities. These requirements ultimately result in more effort and resources being directed towards compliance and less investment in innovation and security.
Take banking for example, where financial institutions must demonstrate their cyber compliance with a host of government agencies. These may include the Department of Treasury, the Federal Deposit Insurance Corporation (FDIC), the Security and Exchange Commission (SEC), and, in many cases, several state regulators. Each federal and state agency requires many of the same assurances from companies, but often require it in different ways. This duplicative bureaucracy wastes resources that could otherwise be spent on actual cyber security, rather than on paperwork and audits that are only good for one regulator. In the case of the banking industry alone, it is estimated duplicative cyber compliance costs the industry more than $1 billion per year.
The right course is to harmonize cybersecurity regulations requirements across the sixteen critical infrastructure sectors and provide reciprocity among regulatory bodies. For instance, if a regional bank can meet the regulatory standard for the FDIC, that attestation should be good to prove their compliance with regulators from additional agencies.
Once common baselines are established, regulators can raise the floor on what’s acceptable risk tolerance, require sector-specific addenda for new information — creating a schema akin to the so-called Common Application for college admission.
The Trump administration and DOGE have a unique opportunity with cybersecurity regulations. Addressing this issue will not only reduce the worst kind of government bloat — regulation for regulation’s sake — but also can save businesses billions of dollars annually on compliance measures. The cost of these measures is presently being passed along to consumers without actually enhancing their protection of the malicious actors across the globe.
As Mr. Musk and Mr. Ramaswamy continue to build out their team, they have access to some of the greatest talent to truly address this hydra.
Pulling together cybersecurity leaders with leaders from across industry will immediately reveal the size and scope of the issue. And, with President Trump’s bully pulpit and a continued bipartisan concern for our nation’s physical and digital security, we have a truly unique opportunity to unleash innovation and investment in outcomes that will better protect all of us.
Colonel Laurie Buckhout, U.S. Army, (ret.) spent twenty-six years on active duty, including a year in combat in Iraq as a battalion commander of over 800 soldiers, from 2003-2004. She is known globally as a top leader in national military strategy, acquisition policy, cyber and electronic warfare. In 2024, Col. Buckhout was the Republican nominee for Congress North Carolina’s 1st District.