Secretary Noem fires FEMA IT leaders over major cyber lapses

Webp 05a8ydgah5mxo0kgg3cqba4k2kxu
Kristi Noem, Secretary of the Department of Homeland Security | Wikimedia

Secretary Noem fires FEMA IT leaders over major cyber lapses

ORGANIZATIONS IN THIS STORY

Homeland Security Secretary Kristi Noem has dismissed two dozen members of the Federal Emergency Management Agency’s (FEMA) IT department after significant security failures were uncovered. The action follows a review that revealed the team had neglected basic cybersecurity protocols, putting federal networks at risk.

According to Secretary Noem, the investigation found that FEMA’s IT leadership failed in their responsibilities and attempted to conceal the extent of vulnerabilities. “FEMA’s career IT leadership failed on every level. Their incompetence put the American people at risk,” said Secretary Noem. “When DHS stepped in to fix the problem, entrenched bureaucrats worked to prevent us from solving the problem and downplayed just how bad this breach was. These deep-state individuals were more interested in covering up their failures than in protecting the Homeland and American citizens’ personal data, so I terminated them immediately. The American people deserve results from their government.”

The review was initiated under Secretary Noem's direction as part of a broader examination of FEMA’s operations and IT systems. During this process, the Department of Homeland Security (DHS) Office of the Chief Information Officer identified serious lapses that enabled a threat actor to gain access to FEMA’s network.

Officials report that no sensitive data was taken from any DHS networks and no citizens were directly affected by these vulnerabilities.

Failures cited include an agency-wide absence of multi-factor authentication, continued use of outdated legacy protocols, unaddressed critical vulnerabilities, and insufficient monitoring capabilities across FEMA systems.

Secretary Noem also criticized longstanding resistance within FEMA’s IT division: entrenched staff reportedly avoided inspections and misrepresented the scope of cybersecurity weaknesses over several years.

Despite nearly $500 million spent on IT and cybersecurity measures during Fiscal Year 2025, FEMA’s efforts did not deliver adequate protection or operational improvements for its stakeholders.

“This unacceptable behavior will not be tolerated in the Trump administration,” added Secretary Noem.

ORGANIZATIONS IN THIS STORY