By Sead Fadilpašić
Copyright techradar
CISA blasted by US watchdog for wasting funds and retaining the wrong employees
15 September 2025
Roughly $183 million was given to CISA in four years
CISA mismanaged over $138 million in cybersecurity retention funds, awarding incentives to unqualified or unrelated personnel
The agency lacked proper oversight, documentation, and compliance, undermining its ability to retain critical cybersecurity talent
DHS OIG recommended eight corrective actions; seven have been implemented, with one unresolved concerning recovery of improper payments
The US Cybersecurity and Infrastructure Agency (CISA) mismanaged funds and failed to properly oversee and document various funding incentives, risking its ability to retain top cybersecurity talent.
This is the conclusion of “CISA Mismanaged Cybersecurity Retention Incentive Program and Wasted Funds, Risking Critical Talent Retention”, a new report published by the DHS Office of Inspector General (OIG).
CISA is a US government agency responsible for protecting critical infrastructure and leading federal cybersecurity efforts and, apparently, it's been doing a poor job lately.
Lacking oversight
In the report, OIG slammed the agency for mismanagement and noncompliance, claiming the agency failed to properly design, implement, and manage its Cybersecurity Retention Incentive program.
As a result, its use of more than $138 million in federal funds, which it received between 2020 and 2024, was, by and large, inefficient. Among other things, OIG said the agency paid incentives to employees who did not meet mission-critical or high-qualification criteria.
In fact, some recipients held administrative roles unrelated to cybersecurity, and 348 individuals received $1.41 million in unallowed back payments.
OIG also said CISA lacked oversight and documentation, claiming its Office of the Chief Human Capital Officer did not maintain accurate records of recipients or payments, and broadened eligibility requirements without proper procedures. DHS’s oversight was also insufficient, it was added.
All these things meant CISA was risking cybersecurity talent retention. OIG argued that the diluted incentive program undermined morale among qualified cybersecurity professionals and jeopardized CISA’s ability to retain critical talent.
“If CISA continues to offer the Cyber Incentive to a broad swath of its workforce, circumventing the intent of the program, it risks attrition and increased vulnerability to cyber threats as well as spending money unnecessarily,” the OIG warned.
Finally, OIG recommended eight steps to improve program integrity and, per the document, CISA agreed with all eight of them. Seven already seem to be implemented, while the eighth, which concerns recovering improper payments made to ineligible employees, is currently unresolved.
Via Cybernews
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.