Amid a push from the White House to intensify internal leak investigations, Immigration and Customs Enforcement (ICE) is in the process of renewing a significant cybersecurity contract. This contract dictates how employee activities on agency systems are tracked, recorded, and stored for potential investigations.
This initiative, termed Cyber Defense and Intelligence Support Services, is publicly framed as a standard security measure for network monitoring, incident response, and general security maintenance. However, recent contract documents obtained by WIRED reveal ICE’s intentions to broaden and improve its collection of digital logs and device data, specifically for internal investigations and law enforcement applications.
ICE is proceeding with the recompete process, which involves reissuing and renewing a substantial federal contract. This move coincides with Department of Homeland Security (DHS) leadership increasing leak investigations and enhancing surveillance of employee system usage. The contract details strategies for maintaining thorough records of digital activities, employing automated tools to identify unusual patterns, and integrating cybersecurity operations more closely with ICE’s investigative branches to expedite the use of this data in internal cases.
Beyond tracking internal personnel, the contract outlines an extensive cybersecurity operation. This includes continuous monitoring of ICE networks, automated alerts for suspicious activities, and regular analysis of logs from servers, workstations, and mobile devices. A key stipulation is that all collected data must be stored and structured to allow for step-by-step reconstruction of incidents, serving both security reviews and official investigations.
While ICE’s Office of the Chief Information Officer, responsible for the agency’s security operations center, manages this work, the contract facilitates information sharing across various departments. Cybersecurity findings are intended for investigative and oversight units, such as Homeland Security Investigations and ICE’s Office of Professional Responsibility, which addresses employee misconduct. This framework ensures that digital activity data gathered for cybersecurity can be rapidly channeled into internal inquiries upon investigator request.
ICE did not provide a response when asked for comment.
This increase in internal monitoring occurs as the Trump administration has characterized dissent within federal agencies as a threat. The administration has actively sought to identify and dismiss career officials perceived as ideologically misaligned, especially within national security and law enforcement sectors.
Upon returning to office, the Trump White House has framed internal dissent in terms of loyalty, rather than as misconduct or deliberate undermining of the government. This approach suggests that political disagreement with the president’s objectives could be grounds for dismissal.
Consequently, officials have worked to centralize control over the civil service, reduce job protections, and pressure agencies to identify personnel seen as resistant to the administration’s political agenda. Trump has publicly stated that federal agencies aim to dismiss individuals perceived as having “loyalties to someone else.” Similarly, Russell Vought, director of the Office of Management and Budget, has contended that bureaucracy has been weaponized, characterizing the civil service as an adversarial entity.
The circulation of public watch lists by conservative organizations, widespread reclassification of civil service positions, and numerous firings of probationary employees have collectively reinforced the idea that dissent, or even perceived disloyalty, can jeopardize one’s career.
Within DHS, this stance has coincided with efforts to undermine traditional oversight mechanisms. Early in his tenure, President Donald Trump removed or marginalized numerous inspectors general, resulting in watchdog offices being understaffed or managed by interim officials. Advocates for whistleblowers and former oversight officials suggest this has created a chilling effect, leading to fewer internal investigations and reduced protection for employees who report concerns about policy or misconduct.
Various watchdog organizations have cautioned that expanded monitoring systems, particularly when combined with diminished oversight, can obscure the distinction between cybersecurity and retaliatory actions. They argue that tools designed to identify security breaches or misuse could readily be repurposed to monitor internal critics, especially in the absence of robust privacy protections and independent review.
In this context, standard cybersecurity infrastructure effectively serves as a means to enforce internal conformity.
This expansion occurs despite recurring warnings from oversight bodies. Audits by the Inspector General have indicated that ICE has not consistently deactivated accounts for departing employees, adequately monitored privileged access, or secured agency-issued mobile devices, particularly those used abroad.
Additional DHS reviews have warned that the growth of insider-threat monitoring has outpaced the development of governing policies and privacy safeguards intended to regulate it. This raises questions about the methods of monitoring, retention, and ultimate utilization of employee data.
