A federal judge’s order that Elon Musk’s team temporarily cease boring into the Treasury Department’s payment systems largely rests on questions about privacy and cybersecurity.
The activities of Mr. Musk’s government cost-cutting effort, the judge said in his order on Saturday, risk “the disclosure of sensitive and confidential information” and render them “more vulnerable than before to hacking.”
It is a risk that cybersecurity experts have been calling attention to over the past 10 days, as Mr. Musk’s band of young coders demanded access to the Treasury’s innermost systems. That access was ultimately granted by the newly confirmed Treasury secretary, Scott Bessent.
But other than vague assurances that the new arrivals at Treasury’s door had proper clearances, there was no description of how their work would be secured — and plenty of reason to believe that it would make it easier for Chinese and Russian intelligence services to target Treasury’s systems.
That was the central argument made by 19 attorneys general as they sought a temporary restraining order to get Mr. Musk’s workers out of the Treasury systems. And the federal judge, Paul A. Engelmayer, endorsed it on Saturday, limiting access to existing Treasury officials until a hearing next week in front of a different federal judge.
In the days before the order, concerns over the potential security vulnerabilities created by Mr. Musk’s project, which he has called the Department of Government Efficiency, were rampant. The Washington Post reported that a subcontractor to Booz Allen Hamilton, the firm that runs much of the Treasury’s threat detection center, had issued a written warning; it was retracted after its contents were leaked. And outside experts have described, in detail, what could happen when an outsider gains sudden access to a locked-down system.
Bruce Schneier, a cybersecurity expert at Harvard and author of a series of books on security vulnerabilities, including “Click Here to Kill Everybody,” called the entry of Mr. Musk’s force “the most consequential security breach” in American history.
Mr. Schneier noted that the intrusion came “not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role.”
Mr. Musk, of course, is attuned to cybersecurity issues. Starlink, the satellite system run by his company SpaceX, kept Ukraine in communications after the Russian invasion and is considered highly secure. So are the reusable rocket operations of SpaceX, which China’s space engineers have been eager to replicate.
So federal officials say that they have been shocked by the carelessness with which Mr. Musk’s workers pierced government systems, including two that are repositories of millions of sensitive records: Treasury and the Office of Personnel Management, both of which have been major targets of China’s intelligence services.
The Treasury Department has been a frequent target because of its data on sanctions, financial markets and payment systems.
During the Obama administration, Chinese intelligence services pierced the Office of Personnel Management’s files on the security clearances of more than 20 million Americans. American officials assume Chinese agents combined that data with stolen records from Starwood hotels and Anthem health system to draw a picture of where the officials were traveling and who they worked with.
“Foreign adversaries typically spend years attempting to penetrate government systems like these, using stealth to avoid being seen,” Mr. Schneier said. “In this case, external operators with limited experience and minimal oversight are doing their work in plain sight and under massive public scrutiny,” with high-level access to “America’s most sensitive networks.”
Mr. Musk’s group says that it is using “radical transparency” as it examines the spending patterns of government agencies. But little is known about how those on his team are getting access to information or whether they are making changes to systems that might introduce security vulnerabilities. The Trump administration has not revealed the names of most of the young Musk recruits nor explained what kinds of clearances they have.
In a letter this week to Senator Ron Wyden, the Oregon Democrat who raised concerns about the cost-cutting team’s work, Jonathan Blum, a Treasury official, said there was no reason for concern.
“Treasury has no higher obligation than managing the government’s finances on behalf of the American people,” he wrote, “and its payments system is critical to that process. In keeping with that mission, Treasury is committed to safeguarding the integrity and security of the system.”
He said the protections in the system were “robust and effective” and under constant review.
The post Musk Team’s Access to Treasury Systems Raised Security Concerns appeared first on New York Times.
