When the so-called Department of Government Efficiency recently fired dozens of people from the US Digital Service—the agency DOGE subsumed last month—it may not have realized the extent of the collateral damage.
The USDS doesn’t operate in a vacuum; part of its longtime mandate is to consult with federal agencies to help improve their digital platforms and websites. So when DOGE terminated Jonathan Kamens in its agency purge, it may not have fully grasped that it was firing the security lead for the Department of Veterans Affairs website—the digital hub that connects veterans with their benefits and hosts sensitive personal data, including medical records.
Interviews with multiple current and former VA sources, along with veterans who now work in private-sector cybersecurity, indicate that Kamens’ firing could have disastrous privacy consequences for millions of US veterans.
“I believe that his abrupt firing puts the security of veterans services at risk,” one source with knowledge of VA systems, who was granted anonymity because they fear retaliation, told WIRED about Kamens. “Eliminating the person responsible for the security of veteran information on VA.gov erodes the quality of the service for the veteran. It’s reckless.”
VA.gov is what Kamens calls “the front door” for all VA benefits. The site served more than 20 million registered users in the past 12 months, resulting in more than 53 million transactions. Veterans go there to access, among other things, financial, educational, health care, and death benefits. In other words, VA digital services are not only central to the lives of many veterans and their families but also a repository of deeply private information about their lives.
“It’s inevitable that the cybersecurity practice within VA.gov is going to suffer and that they are going to fall behind on what they are required to do in order to keep cybersecurity on VA.gov where it needs to be,” Kamens says. “And the result of that is it’s going to get worse, and eventually it will get bad enough that there will be an incident.”
Kamens was not the only person working on VA digital security and was far from the only person there who cares about safeguarding veterans’ personal data. But he served a vital role in a large and important government apparatus that is notoriously strapped for resources. In particular, Kamens says, he was the only staffer working full-time on VA.gov cybersecurity and, therefore, the point person for overseeing protective upgrades and services from third-party security vendors.
“This is sensitive data that in the wrong hands can do harm to people,” Kamens says. “There was always too much work to do and not enough people to do it, and now all of a sudden I’m gone. DOGE is all about efficiency, and that is not going to make VA more efficient.”
The VA did not comment in response to WIRED’s questions about changes in the cybersecurity staffing for VA.gov. In addition to cuts at USDS, more than 1,000 workers were fired from the VA itself last week. “President Trump’s looking for efficiencies so that we can do our job better,” said secretary of veterans affairs Doug Collins in a video statement on Thursday. “When you’re doing things, you’re making moves, you’re making good moves, motion causes friction.”
The dozens of USDS cuts last week hit teams like product management, design, and procurement. Kamens and other sources told WIRED that he is the only person from the USDS engineering team who was fired. He and others speculate that he was targeted because he had been publicly critical of DOGE in the weeks before the USDS cuts. DOGE did not return a request for comment about his removal.
While all large IT systems need to be protected from hacking threats, Kamens says that the most urgent projects he was working on at the VA involved containing veterans’ sensitive personal data so it could only be stored in the most guarded parts of the system and deploying stronger controls to limit who could access what information. Both understanding how data flows through a system and limiting access to reduce risk from network intrusion and insider threats have emerged as key security priorities for any organization.
“My biggest concern that I was trying to address in my time at the VA related to personal health data and personal information, PHI and PII, ending up in places they weren’t supposed to be,” Kamens says. “And, in my opinion, our access control, while it was OK, was not as strong as it should have been, meaning I don’t think we had enough granularity over controlling who had access to what data.” He adds that projects he was spearheading to address these concerns are now at high risk of stalling out.
The impacts of the cuts at VA, as well as the USDS cuts that will also affect the veterans’ agency, are still coming into view. But in addition to potentially hampering initiatives to improve digital security, the reductions may affect the efficacy and reliability of the digital protections that are currently in place.
Senator Patty Murray, a Democrat from Washington and the vice chair of the Senate Appropriations Committee, hosted a virtual press conference on Wednesday with former federal workers from her state who were recently terminated. One, Raphael Garcia, is a disabled Army veteran who had been working as a management analyst for the VA.
“I coordinated IT system access so that every team member had the proper tools,” Garcia said during the event. “I managed critical compliance and operational controls while maintaining constant communication with stakeholders nationwide.” He added that while his termination is a personal hardship, it is also a “stark reminder that our federal government is dismantling its central support system for veterans and vulnerable communities.”
For his part, Kamens, who spent his career prior to USDS in the private sector, says that he came to love government work, and it will be difficult to find another job as rewarding.
“There were these interviews we all had to do with the DOGE people the day after the inauguration,” he says. “In mine, one of them asked me to describe what I was doing at VA and then said something like, ‘If you’re doing all that work, why aren’t you working in the private sector where you could be making twice as much money?’ And I said, ‘Because I don’t care about the money. I care about serving veterans.’
“I think the fact that someone asked me that question at all is really telling.”