The tide may be turning for US federal cybersecurity professionals who have faced job cuts or the threat thereof at the hands of Elon Musk’s Department of Government Efficiency (DOGE).
Last week the US District Court of Maryland ordered the Trump administration to rehire federal government employees previously fired via DOGE initiatives, including probationary employees laid off at the US Cybersecurity and Infrastructure Security Agency (CISA). CISA employees subjected to the layoffs received an email informing them that their employment has been restored at the pay rate they had before they were terminated.
CISA also posted a notice on its website asking probationary employees who had not been contacted by the agency to “provide a password protected attachment that provides your full name, your dates of employment (including date of termination), and one other identifying factor such as date of birth or social security number. Please, to the extent that it is available, attach any termination notice.”
CISA’s notice says the fired probationary employees, all of whom were hired or promoted within the past three years, will be immediately placed on administrative leave, a paid non-duty status, meaning they will be paid and resume benefits but cannot resume work in their old jobs.
The sudden reversal of the CISA firings is symptomatic of the turmoil and uncertainty that has characterized the DOGE project, creating massive public backlash and questionable improvements in government efficiency. Richard F. Forno, director of the UMBC Graduate Cybersecurity Program and the assistant director of UMBC’s Cybersecurity Institute, told CSO that this latest whiplash underscores that DOGE continues to demonstrate “a lack of management competence” in a host of areas.
Temporary reinstatements might become permanent
CISA fired 130 probationary employees last month on Valentine’s Day. Many of the fired employees were hired under the Cybersecurity Talent Management System program, which was designed to lure top cybersecurity professionals — some earning seven figures in the private sector — to rewarding but comparatively low-paying government jobs.
In his decision to reinstate the employees, Judge James K. Bredar of the US District Court in Maryland said the firings were illegal because they were not preceded by notice to the states that would be impacted. He said that contrary to the Trump administration’s position, the mass firings were not for performance-related reasons and should be considered reductions in force, subject to state notifications and other procedural requirements.
Bredar ordered the agencies, including CISA, to reinstate the fired employees. He stayed the firings for 14 days and signaled he could rule on a permanent injunction that might allow the employees to stay beyond the 14 days and perhaps indefinitely.
CISA document process raises security concerns
It’s unclear why CISA posted its request for fired employees to send a password-protected attachment containing personally identifiable information to a publicly promoted email address. It’s also unclear how the password-protected document process would work. CISA did not respond to CSO’s request for clarification.
Some cybersecurity professionals cast doubt on how secure such a submission could be. Veteran cybersecurity professional Nate Allen told CSO, “Unless all these employees have prior training and a standard, supported method of creating encrypted attachments, which I truly doubt with all my soul, this is basically asking for all sorts of problems.”
White House exempted cybersecurity workers from mass layoffs
Still, the reversal of the CISA firings follows other good news for government cybersecurity workers. Last week, Greg Barbaccia, the United States federal CIO, urged federal agencies to refrain from laying off cybersecurity teams as they raced to complete plans for mass layoffs within their departments and agencies.
Barbaccia was responding to questions about whether cybersecurity employees’ work is national security–related and, therefore, exempt from layoffs.
“We believe cybersecurity is national security and we encourage Department-level Chief Information Officers to consider this when reviewing their organizations,” he wrote in the email to information technology employees across the federal government.
“Skilled cyber security professionals” play “a vital role in mission delivery and information assurance,” Barbaccia said. “We are confident federal agencies will be able to identify efficiencies across their non-cyber mission areas without negatively affecting their agency’s cyber posture,” he added.