- Homeland Security Secretary Kristi Noem dismissed FEMA’s CIO, CISO, and 22 additional IT staff after a review found basic cyber safeguards were ignored.
- DHS said the intrusion path was contained and that no sensitive data was taken; the issues were uncovered during a department-led cybersecurity review.
- Failures cited include lack of multi-factor authentication, legacy protocols, unpatched critical vulnerabilities, and poor operational visibility.
The Big Picture
Homeland Security Secretary Kristi Noem on Friday, Aug. 29, 2025, announced the immediate termination of 24 FEMA information-technology officials after a department review uncovered significant cybersecurity lapses. In the official DHS press release, the department said no sensitive data was extracted and the vulnerability was contained before the public was affected.
According to the department, the findings indicate FEMA’s IT leadership failed to enforce phishing-resistant multi-factor authentication, continued using prohibited legacy protocols, did not remediate known critical vulnerabilities, and lacked adequate visibility into its own environment. DHS said the issues were discovered during a routine cybersecurity review ordered as part of a broader assessment of FEMA operations.
What’s New
The dismissals include FEMA Chief Information Officer Charles Armstrong and Chief Information Security Officer Gregory Edwards, alongside 22 other personnel in positions described by DHS as directly responsible for safeguarding systems. DHS said the review identified an access pathway used by a threat actor into FEMA’s network. The department emphasized that containment actions prevented data loss.
What They’re Saying
Context
Federal agencies are required to meet Office of Management and Budget zero-trust objectives—centered on identity verification, least-privilege access, and continuous monitoring—supported by CISA’s maturity model. According to DHS, the FEMA findings ran counter to those directives, highlighting persistent gaps in basic cyber hygiene despite substantial IT spending. FEMA’s mission places it at the nexus of disaster response and recovery, often handling sensitive survivor and partner data, making strong identity controls and rapid patching essential.
What’s Next
DHS did not immediately name interim leadership for FEMA’s IT organization. Standard post-incident steps typically include accelerated rollout of phishing-resistant MFA, removal of legacy protocols, priority remediation of known exploited vulnerabilities, and independent validation of fixes. Additional oversight from internal auditors or the inspector general is possible, along with briefings to congressional committees with jurisdiction over homeland security and federal cybersecurity.
The Bottom Line
The terminations signal a hard-line stance on cybersecurity compliance across DHS: leadership will be held accountable when foundational controls are missed. Even without confirmed data theft, an exposed pathway inside FEMA’s network raises enterprise risk—underscoring why zero-trust requirements are no longer optional.
A global media for the latest news, entertainment, music fashion, and more.
