Source: www.csoonline.com – Author:
An Elon Musk-led initiative that aims to cut $2 trillion from the federal budget could hollow out US agencies’ cybersecurity efforts, but experts say it won’t be quick or easy.
Donald Trump has named loyalist and the richest man in the world, Elon Musk, along with former presidential candidate Vivek Ramaswamy, to spearhead an initiative called the Department of Government Efficiency, or DOGE.
DOGE, named in a nod to Musk’s favorite meme currency, aims to make deep cuts to US government spending. Musk says he seeks to cut at least $2 trillion from the US civilian agency federal budget while dramatically scaling back regulations in what he calls a “bonfire of nonsense regulations.”
Despite its name, DOGE will not, at least immediately, function as an actual US government department. Creating such a department would require an act of Congress, a virtual impossibility in the current political environment. Instead, reports suggest it will act as a business advisory panel operating under a 1972 law called the Federal Advisory Committee Act.
Some experts argue that it doesn’t matter if DOGE is only an advisory arm, given Trump’s obeisance to Musk, whose campaign finance donations and heavy promotion of his candidacy on X helped ensure his victory. “Whether it’s a department is not the question here,” David Brumley, CEO of Mayhem Security, tells CSO. “Musk has access to Trump. Trump has put in a bunch of people with no experience. They’re going to need to get advice. They’re going to just follow his advice.”
DOGE-recommended cuts, if implemented, will likely significantly impact the cybersecurity efforts of most US federal agencies. “The main implication for cyber is he’s not going to go in and say, ‘We need less cybersecurity,’” Brumley says.
“That’s not what we’re going to see. We’re going to see him chipping at the edges where quality and cybersecurity are very heavily related. He will start ignoring and removing the bureaucrats responsible for enforcing cybersecurity rules and recommendations. I think Elon will get rid of people in the bureaucracy who ask questions,” just as he did with Twitter when he cut 80% of the staff, including most of the cybersecurity, trust, and safety staff after he acquired the company.
Musk’s business interests implicate a range of cyber efforts
Although it’s too soon to predict what cybersecurity regulations DOGE might affect, experts say Musk might, at minimum, seek to strip regulatory power from agencies that align with some of his business interests, weakening their cybersecurity requirements or recommended practices in the process.
Musk’s effort dovetails with what experts have already said: there is a high likelihood that the Trump administration will move to eliminate cybersecurity regulations. A landmark Supreme Court decision this summer that casts doubt on the future of all expert agency regulations reinforces this deregulatory direction.
Musk’s major businesses and the corresponding cybersecurity regulations or recommendations that the DOGE effort might hamper include:
SpaceX and Tesla
Most of the cyber constraints related to Musk’s SpaceX or Tesla deal with “cyber-physical systems” or industries that rely on operational technology. Unlike other cybersecurity regulations, cybersecurity requirements imposed on cyber-physical systems can be bespoke arrangements with government agencies that aren’t open to the public. Therefore, it’s difficult to gauge the degree to which Musk’s companies are already complying with or objecting to those requirements today.
“For example, SpaceX works with NASA, and NASA ultimately has to approve what gets flown,” Brumley explains. “It’s one company working with very high-tier people at NASA. Given how big the program is, you won’t see much public discussion about these sorts of things.”
Even so, some well-known regulatory initiatives undertaken by the Trump and Biden administrations might be in DOGE’s crosshairs, including those that, while not technically federal requirements, are cited by agencies as recommended practices for cybersecurity risk management. These include SPD-5, a space cybersecurity policy directive signed by Trump in 2020 to provide guidance on protecting space assets.
To strip away regulations affecting Tesla, Musk might target the February 2023 National Electric Vehicle Infrastructure Standards and Requirements issued by the Federal Highway Administration and the US Department of Transportation. This effort established minimum standards and regulatory requirements, including cybersecurity requirements, for light-duty EV chargers funded under the Infrastructure Investment and Jobs Act. Musk might also seek to negate the 2022 voluntary cybersecurity guidance for modern vehicles issued by the National Highway Traffic Safety Administration.
Neuralink
Another Musk business facing cybersecurity requirements is his implantable brain-computer interface startup, Neuralink. In May 2023, Neuralink received US Food and Drug Administration (FDA) clearance for its first-in-human clinical trial of its brain implant. In September 2024, Neuralink’s Blindsight implant received the FDA’s “breakthrough device” designation to restore sight in the vision-impaired. Both devices are subject to FDA recommendations regarding cybersecurity in medical devices.
xAI
xAI is Elon Musk’s artificial intelligence company, founded in 2023 as a rival to OpenAI. Its goal is to “understand the true nature of the universe.” Given Musk’s grand ambitions for xAI, his DOGE effort could loom large in what will likely be a shift in policy away from the joint guidance on securing AI systems agreed to by the Five Eyes consortium, Biden’s executive order on the safety and security of AI systems, and the White House’s Blueprint for an AI Bill of Rights.
However, given that Trump issued a non-controversial AI executive order during his first term, and Musk backed the stringent AI regulation bill that California governor Gavin Newsom vetoed in September, it’s also possible that Musk and DOGE might lead a policy shift on AI that is more aligned with existing AI safety efforts.
X (formerly Twitter)
Although no federal regulations govern Musk’s social media network X, Musk has sought to terminate a consent order with the US Federal Trade Commission regarding the social media company’s data privacy protections.
In addition, Musk could weigh in at the federal level on several legislative proposals related to content moderation. These proposals include revoking Section 230 of the Communications Decency Act, which exempts social media and other platforms from liability for hate and other offensive speech posted on their platforms.
Musk’s vast conflict of interests creates a bad image
Experts agree that Musk’s role in DOGE signals a massive conflict of interest, given how many cyber requirements and recommendations affect his businesses and, more importantly, how much Musk’s enterprises depend on US government contracts.
For example, NASA has awarded SpaceX more than $4 billion for two human moon landings later this decade. SpaceX also has multiple contracts with the US Defense Department, some classified and said to be worth billions. In addition, the Pentagon has purchased internet services in Ukraine from SpaceX’s Starlink constellation to launch rockets, build satellites, and provide space-based communications services. SpaceX has reportedly landed $11 billion in federal contracts over the past five years.
“Trump could not possibly have made a worse choice than Elon Musk to lead the new ‘Department of Efficiency’ panel,” Craig Holman, who focuses on governmental ethics at nonprofit consumer advocacy organization Public Citizen, tells CSO.
“He is battling the FAA as the agency seeks to ensure safety regulations over SpaceX rocket development. He has been fined by the EPA for pollution near his Texas launch pad. The Securities and Exchange Commission disciplined Musk over Tesla. And the National Highway Traffic Safety Administration is watching for safety concerns over the course of Tesla’s self-driving cars.”
Holman adds: “[Musk] will now be in a position to influence the awarding of lucrative government contracts, all the while whittling down public safety measures for self-serving enrichment. Musk’s appointment is not only untenable for the public’s interest; it is likely to backfire on the Trump administration by creating an image of self-dealing manipulation of government regulations and fostering corruption in government contracting.”
Michael Daniel, president and CEO of the Cyber Threat Alliance, agrees. He tells CSO, “The idea that you’re going to put somebody who has as many business interests as he does in a place where he could easily make himself even richer from the actions that he would take should be anathema to people.”
Stripping out regulations won’t be easy or could be impossible
Even if Musk and the DOGE effort were to succeed in hacking back a significant number of regulations, experts say it won’t come easy. “One doesn’t know how enduring their relationship will be, nor how much of it is just going to be talk, nor how much opposition there might be in the state generally,” Tony Yates, former Professor of Economics at Birmingham University in the UK and a former senior advisor to the Bank of England, tells CSO.
“The US has lots of checks and balances, many of which aren’t working as well as they used to,” he says. “But they’re still not entirely absent. So, it’s really hard to predict.”
Daniel notes that it is not the first time that a US administration has tried to bring in businesspeople to look at how the government works and make recommendations. “But, at the end of the day, most of what you’re talking about would also have to go through the legislative process,” he says.
Despite all the tough talk, Trump and Musk face an uphill battle even with the Republican party in control of the House and Senate. “There are no programs in the federal government that do not have constituencies,” Daniel says. “Now, they may be constituencies that this administration doesn’t care about. But, the programs that don’t have constituencies have been cut and killed, and their resources have been applied to other things over time.”
Some experts doubt that Musk will be able to achieve the regulatory bonfire he desires. “[Both Trump and Musk] have sketched very drastic cuts in government expenditure that might be possible because, in their wisdom, they think that there’s 20%, 30%, 40% waste in the state,” Yates says. “That’s complete nonsense. I’m sure there is some waste in every modern state, but there is no prospect of saving that kind of money without causing very great damage to the administrative state in the US.”
Original Post url: https://www.csoonline.com/article/3608079/musks-anticipated-cost-cutting-hacks-could-weaken-american-cybersecurity.html
Category & Tags: CSO and CISO, Government IT, IT Leadership, Security, Technology Industry