Two of them, Sean Kelley, the chief information security officer for the Environmental Protection Agency, and Richard Staropoli, the chief information officer for the Department of Homeland Security, had been in their jobs for just a few months. This is probably just in time to open the can of worms and be told that they would not have the budget to fix the mess.
The other two, Rob Foster, the Navy's chief information officer, and Dave DeVries, the director of information security and privacy at the Office of Personnel Management, are departing agencies for which computer security is a top priority.
DeVries assumed his job shortly after the OPM suffered the largest known cyberattack in federal government history, and Foster had served in similar positions at the Department of Health and Human Services and Immigration and Customs Enforcement.
Ann Dunkin, the CIO of the EPA under President Barack Obama was asked to leave by Trump’s transition team and now holds the same title for Santa Clara County, California said that the exits show that Trump is having problems with the career CIOs who were there during the Obama administration.
Kelley and Foster are taking jobs in the private sector, something that's not unusual for government cybersecurity officers seeking better pay, and DeVries is retiring, reportedly to spend more time with his family. The reason for Staropoli's sudden resignation August 3, after just three months on the job, was not known. None of them is saying anything.
According to the Partnership for Public Service, a nonprofit group that pushes for government efficiency, Trump has appointed significantly fewer top federal employees than his recent predecessors. Out of more than 1,100 non-judicial government positions that require Senate confirmation, for example, Trump has only nominated 279.
But this must all be worrying. Federal cybersecurity breaches can have devastating effects. When the OPM was hacked in 2015, the intruders, believed to be Chinese, accessed an estimated 21.5 million federal employees’ Social Security numbers as well as a database that contained government background checks for federal workers.
However the Government Accountability Office found that OPM made moderate success in modernizing its cybersecurity under DeVries.
Trump was unable to understand the cybersecurity when on the campaign trail. He called it "the cyber" and saying in one debate that the "security aspect of cyber is very very tough, and maybe it's hardly doable."
His executive order on cybersecurity, signed in May after several false starts, largely cut and pasted the recommendations made by Obama's staff just before his term finished.