Just a few weeks ago, the greatest threat to U.S. government computer systems seemed to be that hostile foreign powers could break into them and steal data. In late December, Treasury Department officials sent a letter to members of Congress reporting that a Chinese group had hacked their systems and stolen unclassified documents. The department said that it was working with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to assess the damage.

But in recent days, a much more urgent threat has emerged, one that is homegrown: the billionaire tech entrepreneur Elon Musk and his team of engineers from the so-called Department of Government Efficiency have claimed wide-ranging access to vital systems that handle sensitive and classified information at several government agencies. Perhaps by design, the scope and details of Musk’s actions are difficult to pin down. In a hearing before a federal judge this week, lawyers for the Trump administration maintained that Musk had not personally accessed sensitive Treasury Department data and agreed that the “special government employees” affiliated with DOGE would have “read-only” access to the information and would not share it with other people working with DOGE.

But even setting aside the legality of DOGE’s moves, some of which appear unlawful and unconstitutional on their face, and the dangerous privacy risks to Americans from the breach of sensitive data, there is another cause for alarm: Musk’s activities present a national security nightmare. Consider what the intelligence agencies of U.S. allies and adversaries see when the American president grants sweeping access to the basic systems that make the U.S. government run to a team of young people who have no government experience, who may not have been put through standard personnel vetting processes, and who work for an unelected figure with extensive personal financial interests in national security spending.

American adversaries surely see an espionage and blackmail bonanza. Less obviously but just as crucially, U.S. allies, accustomed to doing business and sharing information with the United States on a day-to-day basis, are likely to take a hard look at their typical routines. Will they be willing to continue operating as usual? Even if Musk has not yet reached into the major national security agencies’ systems, there is now a very real possibility that he might do so, and foreign governments, friends and foes alike, are surely paying close attention.

The putative purpose of DOGE is to identify and eliminate wasteful spending. To be sure, elements of the federal bureaucracy would benefit from reform. No one denies there is waste, fraud, and abuse in the executive branch. And it is normal for most of the federal employees who traditionally have access to these systems to be unknown to the public. What is not normal is for such access to be granted to people who are unknown to the security agencies that vet government employees, untrained in government systems, and taking direction from a person such as Musk, who has no legal authority to make decisions relating to the federal budget and federal personnel and has immense potential conflicts of interest.

Although unions representing federal workers have filed legal challenges to Musk’s decision-making authority and access to these systems, and 13 state attorneys general have announced their intention to sue over these issues, court cases will take time to resolve; meanwhile, the damage to security will already be done. Institutional trust and clarity about who has access to sensitive information and authority within institutions are critical to U.S. security. By undermining systems meant to safeguard the public, the Trump administration has not only dramatically reduced the chance for genuine reform but also put the country at risk. Trump and Musk’s actions amount to throwing a grenade into the center of the national security apparatus; eventually that grenade will go off, and there will be nowhere for the United States to dive for cover.

TRUST BOMB

Good foreign policy is invisible—it is routine, boring, and full of everyday interactions that hardly anyone notices but that are essential for preventing bad outcomes and mitigating those that do occur. Allies and partners share intelligence, consult, and plan; in times of crisis, the United States can turn to them for help. The foundation of this system is trust. This trust is highest with the country’s friends and allies—whose willingness to work with the United States is already being undermined by Trump’s tariff threats and other types of bullying behavior. But some level of trust even underpins relationships with adversaries, with whom the United States regularly communicates through official and unofficial channels to avert dangerous miscalculations and misunderstandings.

Musk’s recent initiatives target two pillars of this foundation. The first is what the political scientists Henry Farrell and Abraham Newman have called the “plumbing” of the international system. A crucial part of that plumbing are the systems that Musk and his team have accessed, which contain highly sensitive information, including the personal data of any American who receives U.S. government payments such as Social Security, tax refunds, and veterans’ benefits. According to reporting from Wired, in addition to the members of Musk’s team who have read-only access to these systems, one engineer who has worked for Musk had “many administrator-level privileges” and “the ability not just to read but to write code” at the Bureau of the Fiscal Service. (That engineer resigned on February 6, after The Wall Street Journal linked him to a now-deleted X account that contained racist posts, but the damage to secure systems—and the damage to confidence in them—may have already been done.)

The Treasury Department is a significant foreign policy actor in its own right, playing an important role in sanctions policy, for example. If Musk’s team has access to and can rewrite the code directing U.S. government payments, the cybersecurity and privacy risks would be massive. Hostile intelligence services are likely already at work trying to assess which Musk team members might be sloppy with their digital devices or vulnerable to entrapment or coercion. And Treasury Department officials are likely worried that untested code might cause the payments system to crash.

Musk’s DOGE employees also demanded access to classified systems for which they had no authorization. According to Bloomberg News, members of the DOGE team showed up on January 27 at the U.S. Agency for International Development (USAID), which the Trump administration seems intent on dismantling as an independent government agency, without consulting Congress. On February 1, DOGE employees demanded access to USAID’s sensitive compartmented information facility (SCIF), a type of secure room used throughout the executive branch to handle classified information. After being stopped by a security official, “one of the DOGE employees made a call to Musk, who informed the agency’s security officials that he would involve the U.S. Marshals Service if his team wasn’t given access to even sensitive information.” According to The Guardian, the security official was shortly after “placed on administrative leave and the DOGE staffers entered the SCIF.”

Musk’s activities present a national security nightmare.

Sharing and protecting secrets is an essential part of international cooperation for the United States and its closest allies: countries need to trust that sensitive information will be treated as such. As the political scientists Allison Carnegie and Austin Carson have demonstrated, “effective confidentiality systems” are crucial to international cooperation because countries fear that their intelligence collection, including sources and methods, will fall into the wrong hands, making it harder to gather intelligence in the future.

It’s not clear why Musk wanted access to the SCIF at USAID. But classified information is compartmentalized within the government for a reason—to limit the number of people who can see it to those who really need to know and to keep the risk of inadvertent or malicious disclosure to a minimum. Even if Musk’s team goes no further, the threat that DOGE might try anything that would undermine the government’s secrecy systems will erode the confidence of U.S. allies that they can share sensitive intelligence information with the United States.

The second pillar of trust is based on the people who work in the agencies. To be sure, in normal times, many people at the Treasury Department whose names the general public does not know have access to the payments system and all the sensitive personal data that Musk can now see. But those are career, apolitical bureaucrats who serve presidents of both parties and whose job is to execute payments, not make decisions about who gets what. They are vetted, asked to declare and resolve any potential conflicts of interest, and, once given the appropriate clearances (if they pass), trained on the systems.

It is not clear how thoroughly, if at all, members of the DOGE team have gone through those processes. On his first day in office, Trump issued an order enabling individuals to receive temporary high-level clearances and to be “immediately granted access to the facilities and technology necessary to perform the duties of the office to which they have been hired.” On February 3, The New York Times reported that “Musk’s allies who were given access to the payment system were made Treasury employees, passed government background checks and obtained the necessary security clearances, according to two people familiar with the situation.” But background checks for those types of clearances typically take many months, if not longer, so it remains unclear just how thoroughly members of Musk’s team have been vetted. According to TheWall Street Journal, SpaceX lawyers “began analyzing the risks of seeking a higher security clearance for Musk after the Journal reported in June [2023] about Musk’s use of ketamine,” and they “concluded that if SpaceX sought a higher security clearance [for Musk], it would risk Musk being turned down, or worse, losing the top-secret clearance he already has.”

Then there is the risk of corruption and conflicts of interest that affect national security. As the sociologist Elizabeth Popp Berman has explained, giving direct control of the federal funding spigot to the president and his agents is deeply undemocratic because it gives them the ability to deprive funds that have been allocated by law by Congress to anyone viewed as a political opponent while routing money to reward political allies—all without congressional oversight or approval. This risk of corruption applies to Musk, as well, who can now view and potentially stop government payments to business competitors and could try to engineer U.S. government systems in ways that benefit his own private financial interests.

INSIDER THREAT

American allies and partners work with the United States because they trust that the systems and people behind its foreign policy have been vetted and act on behalf of the United States rather than a private entity. Adversaries may not like the United States, but until now they have known how to reach Washington when necessary, how to conduct business with the U.S. government, and how far they can push U.S. systems and people.

These elements of trust are part of the invisible bedrock of U.S. foreign policy. Allies in particular will be reluctant to share sensitive intelligence information if they fear that individuals with no government experience and who have not been vetted through typical security protocols will gain access to that intelligence. Musk and his team have found their way to the most closely guarded private federal data, and they will make the United States an object of mistrust to those who interact with the invisible machinery of U.S. national security.

Loading…