
"The Cyber Incentive program began life in 2015 under the National Protection and Programs Directorate, which became CISA in 2018. According to the Office of the Inspector General at CISA's parent agency, the Department of Homeland Security, it didn't take long for 'fraud, waste, and abuse' of the initiative to become standard operation procedure at the nation's cybersecurity watchdog."
"CISA's HR department made the situation worse by not maintaining records of Cyber Incentive recipients and payments to them. The OIG said that the systemic failure to comply with federal regulations and CISA's own requirements for the Incentive program led to around $1.41 million in unallowed back payments to 348 recipients between fiscal years 2020 through 2024. The program paid out more than $138 million in total during those years."
The Cyber Incentive program began in 2015 and continued under CISA after 2018. The Office of the Inspector General found pervasive fraud, waste, and abuse within the initiative. CISA approved incentive payments for ineligible employees, with improper awards ranging from $21,000 to $25,000 annually. Human resources failed to maintain records of recipients and payments. These failures produced about $1.41 million in unallowed back payments to 348 recipients across fiscal years 2020 through 2024; the program paid out more than $138 million in total during that period. In one pay period, 1,401 of 3,220 employees received incentives, including 240 support staff not directly tied to cybersecurity. Eligibility was limited to NIST-defined cybersecurity roles or employees holding CISA-approved cybersecurity certifications.
Read at Theregister