Summary

Kristi Noem, the U.S. Secretary of Homeland Security since 2025, faced significant controversy after dismissing 24 Federal Emergency Management Agency (FEMA) Information Technology (IT) personnel, including Chief Information Officer Charles Armstrong and Chief Information Security Officer Gregory Edwards, following the discovery of critical cybersecurity vulnerabilities within FEMA’s network. These dismissals occurred amid a routine cybersecurity review conducted by the DHS Office of the Chief Information Officer (OCIO), which revealed severe lapses such as the absence of multi-factor authentication, use of prohibited legacy protocols, and failure to remediate known critical vulnerabilities. The security flaws enabled unauthorized access by a threat actor, posing a national security risk, although no sensitive data was ultimately compromised.
Secretary Noem publicly condemned FEMA’s IT leadership for incompetence and accused them of obstructing efforts to address the cybersecurity issues, including avoiding inspections and downplaying the severity of the vulnerabilities. Her decision to terminate key cybersecurity staff was part of a broader initiative to enforce accountability and reform FEMA’s operations, which have been criticized for management instability and operational challenges during a period of increasing disaster demands. DHS defended the firings as necessary to protect American citizens and align with efforts to eliminate non-mission critical personnel and federal waste.
The dismissals sparked mixed reactions from government officials, cybersecurity experts, and former FEMA staff. While supporters highlighted Noem’s focus on strengthening federal cybersecurity through new tools and grant programs, critics warned that the loss of experienced personnel could destabilize FEMA’s ability to safeguard critical infrastructure and respond effectively to disasters. The controversy reflects ongoing tensions within DHS and FEMA over cybersecurity readiness and organizational reform amid evolving national security threats.
This incident underscores the broader challenges facing FEMA as it navigates leadership turnover, cybersecurity vulnerabilities, and debates over disaster response governance. Noem’s actions illustrate the complexities of balancing agency accountability with operational stability in a critical federal agency responsible for national emergency management.

Background

Kristi Noem, a South Dakota native known for her roles as a rancher, farmer, small business owner, and a proud mother and grandmother, assumed the position of U.S. Department of Homeland Security (DHS) Secretary in 2025. Early in her tenure, Secretary Noem focused heavily on fulfilling President Trump’s promise to enhance national security by securing the U.S. borders, removing criminal aliens, and implementing numerous international agreements aimed at safe travel and homeland protection.
During a routine cybersecurity review of the Federal Emergency Management Agency (FEMA) systems, DHS uncovered significant vulnerabilities that posed a potential risk to sensitive data. The review revealed systemic failures within FEMA’s cybersecurity framework, including the absence of multi-factor authentication, reliance on prohibited legacy protocols, unaddressed critical vulnerabilities, and insufficient operational visibility. Despite FEMA investing nearly half a billion dollars in IT and cybersecurity in Fiscal Year 2025, these efforts failed to produce effective security measures for American citizens.
Secretary Noem publicly criticized FEMA’s leadership for their inability to implement basic cybersecurity safeguards, describing their performance as putting the American people at risk. She accused entrenched bureaucrats within the agency of prioritizing cover-ups over protective measures and acted decisively by terminating 24 FEMA IT experts, including key leaders in IT security. According to a FEMA spokesman, DHS was ultimately successful in identifying and addressing the malicious actor responsible for the breach before any sensitive data was compromised.

Incident Overview

In August 2024, U.S. Department of Homeland Security (DHS) Secretary Kristi Noem announced the termination of 24 Federal Emergency Management Agency (FEMA) Information Technology (IT) employees, including Chief Information Officer Charles Armstrong and Chief Information Security Officer Gregory Edwards, following the discovery of significant cybersecurity vulnerabilities within FEMA’s network. The breach was uncovered during a routine cybersecurity review conducted by the DHS Office of the Chief Information Officer (OCIO), which identified critical security lapses that allowed unauthorized access by a threat actor.
The investigation revealed multiple failures in FEMA’s IT security protocols, including the absence of multi-factor authentication, continued use of prohibited legacy protocols, neglect in addressing known critical vulnerabilities, and insufficient operational visibility over network activities. These shortcomings compromised the integrity of FEMA’s systems and were deemed to pose a national security risk. According to Secretary Noem, FEMA’s IT leadership exhibited “incompetence” and resisted efforts by DHS to remediate these issues, at times avoiding scheduled inspections and misleading officials about the extent of the vulnerabilities.
This action reflected ongoing tensions between DHS leadership and FEMA staff, with DHS accusing certain FEMA employees of obstructing cybersecurity improvements and downplaying the severity of the breach. The firings marked a significant step by Secretary Noem to enforce accountability within FEMA amidst broader organizational challenges, including budget cuts and operational criticism faced by the agency.

Specific Cybersecurity Issues Identified

During the DHS Office of the Chief Information Officer (OCIO) routine review, significant security vulnerabilities were discovered within FEMA’s network that allowed unauthorized access by a threat actor. The investigation revealed severe lapses in security protocols, posing risks not only to FEMA’s systems but also to the broader security of the department and the nation.
Among the critical cybersecurity failures identified were the absence of basic safeguards such as multi-factor authentication and other essential protections standard in modern IT security frameworks. FEMA’s IT team was specifically criticized for failing to implement proper security procedures, jeopardizing the personal data of American citizens and national security.
The vulnerabilities prompted immediate action by DHS Secretary Kristi Noem, who highlighted that the breach was uncovered due to her directive to comprehensively review all FEMA operations and IT systems. Although detected before any sensitive data could be extracted, the findings underscored systemic issues within FEMA’s cybersecurity posture requiring urgent remediation.

Roles and Responsibilities of Dismissed Personnel

The dismissed FEMA personnel included key leaders and members of the agency’s IT department responsible for overseeing and managing FEMA’s cybersecurity program. Among those terminated were Chief Information Officer Charles Armstrong and Chief Information Security Officer Gregory Edwards, who held critical roles in safeguarding FEMA networks, systems, and assets in compliance with federal laws, regulations, and departmental policies.
These individuals were tasked with implementing essential cybersecurity safeguards, such as multi-factor authentication and other protections designed to prevent unauthorized access and protect sensitive information. Their responsibilities included ensuring FEMA’s cybersecurity posture was robust and vulnerabilities were promptly addressed.
The 22 other IT employees dismissed alongside the CIO and CISO were responsible for executing these security protocols and maintaining the integrity of FEMA’s information systems. Their failures to adhere to basic security procedures and underestimating the severity of breaches significantly compromised the agency’s defenses. This group was accused of downplaying cyber vulnerabilities to DHS officials, delaying resolution efforts and increasing risks to FEMA’s systems.

Impact on FEMA’s Cybersecurity Posture and Operations

The dismissal of 24 FEMA IT experts, including key leaders in IT security, introduced significant instability within the agency’s cybersecurity posture and operational capabilities. FEMA is responsible for managing cybersecurity programs protecting its networks, systems, and assets in compliance with federal laws and departmental policies. Prior to these dismissals, FEMA had been criticized for failing to implement essential safeguards such as multi-factor authentication and remediation of known critical vulnerabilities.
DHS Secretary Noem’s investigation revealed FEMA’s IT staff resisted efforts to address cybersecurity problems, avoided scheduled inspections, and misrepresented the extent of vulnerabilities, including the use of prohibited legacy protocols and inadequate operational visibility. This contributed to a breach during a routine cybersecurity review, where threat actors exploited major security flaws, potentially threatening DHS and national security. The vulnerability was discovered and mitigated before sensitive data was compromised but highlighted severe lapses in FEMA’s cyber defenses.
While intended to demand accountability and prompt reforms, the termination raised concerns about destabilizing FEMA’s ability to maintain robust cybersecurity defenses. Cybersecurity is critical to FEMA’s operational effectiveness, and removing experienced staff amidst rising disaster demands and increased cyber threats could exacerbate challenges. This comes as federal efforts, including initiatives from DHS and the Cybersecurity and Infrastructure Security Agency (CISA), focus on enhancing cybersecurity readiness through new tools, grants, and partnerships securing state, local, and tribal governments.

Responses and Reactions

The dismissal of 24 FEMA IT experts by DHS Secretary Kristi Noem sparked significant controversy and varied reactions. Noem defended her actions by emphasizing swift federal disaster response, despite criticism of her policy requiring approval on FEMA expenditures over $100,000. She criticized FEMA’s IT leadership for “incompetence,” accusing them of downplaying the cybersecurity breach and obstructing DHS efforts to resolve the issue.
However, the firings caused shockwaves within FEMA, with some longtime officials describing the ousted leaders as “extremely competent” and “highly respected”. Critics expressed concern the changes came amid ongoing leadership turmoil, poor management, and staff frustration within FEMA, already facing heavy scrutiny. Michael Coen, former FEMA chief of staff under Presidents Obama and Biden, called Noem’s remarks “disappointing,” noting many disaster victims still depend on federal support. Experts warned that shifting disaster response responsibilities entirely to states could impose enormous financial burdens for public aid, cleanup, and rebuilding, especially as disasters increase in frequency and severity.
DHS claimed the routine cybersecurity review uncovered significant vulnerabilities, including failures to implement multi-factor authentication and use of prohibited protocols, facilitating a “threat actor” breach. DHS alleged FEMA leadership resisted necessary fixes, avoided inspections, and misrepresented vulnerabilities, echoing previous enforcement actions earlier in the year. Media outlets sought further information from DHS about the breach and personnel changes.
Supporters of Noem pointed to ongoing efforts under her leadership to enhance federal cybersecurity, including tools such as the Eviction Strategies Tool and Thorium, and distributing over $100 million in cybersecurity grants to state, local, and tribal governments. These initiatives, along with increased collaboration with private software companies, were presented as part of a broader strategy to strengthen national cyber defenses. Nonetheless, detractors argued politicizing FEMA risked undermining its crucial role in disaster preparedness and response, calling for a balance between reform and operational stability.

Subsequent Developments and Organizational Changes

Following the termination of 24 FEMA IT personnel, including CIO Charles Armstrong and CISO Gregory Edwards, significant organizational changes were initiated within FEMA’s cybersecurity and IT operations. These dismissals responded to major security vulnerabilities discovered during a routine cybersecurity review that revealed severe lapses, enabling a threat actor to breach FEMA’s network. Although no sensitive data was extracted, the breach highlighted critical weaknesses threatening both the agency and national security.
The firings by DHS Secretary Noem came amid existing criticisms of FEMA’s leadership and management, exacerbating agency instability during heightened disaster response demands. Noem characterized the dismissed IT leadership as incompetent, stating their failures put the American people at risk and emphasizing the need for accountability and reform. DHS justified the cuts as part of broader efforts to eliminate “non-mission critical personnel” and reduce federal waste, aligning with the Trump administration’s agenda for government efficiency.
In response to cybersecurity failures, FEMA undertook measures to strengthen oversight and management of its cybersecurity program, ensuring compliance with federal laws and departmental policies protecting networks, systems, and assets. These efforts aimed to restore confidence in FEMA’s ability to secure sensitive information and maintain operational integrity, particularly as local and state governments increasingly rely on federal support during escalating disaster events.
Secretary Noem’s actions signaled a broader push within DHS to revitalize key security components and address vulnerabilities across agencies. Alongside FEMA reforms, the Coast Guard was also being strengthened under the administration’s leadership to better secure America’s maritime borders and meet evolving security challenges.

Public and Internal Accountability

In response to significant cybersecurity vulnerabilities and operational failures within FEMA, DHS Secretary Kristi Noem took decisive action by dismissing 24 FEMA IT experts, including key leaders in IT security. This move demonstrated a strong commitment to accountability following revelations of systemic weaknesses such as lack of multi-factor authentication, use of prohibited protocols, and failure to address known security gaps. Noem emphasized these personnel prioritized concealing failures over protecting Americans, stating the public “deserve results from their government”.
The firings occurred amid broader efforts to reform and streamline FEMA, which employs over 20,000 people nationwide. DHS framed the layoffs as eliminating “non-mission critical personnel” in line with President Trump’s agenda to cut waste and incompetence in federal government. However, concerns arose over FEMA’s operational readiness, especially during ongoing emergencies. A New York Times report highlighted contract lapses and layoffs of hundreds of call center workers during a critical period severely impaired FEMA’s disaster response, causing call response rates to drop from over 99% to under 16% within days.
Noem’s public firings echoed earlier personnel actions taken in February, when she terminated four FEMA employees, including the agency’s chief financial officer, following accusations related to improper distribution and concealment of federal funds for migrant housing. These steps placed Noem at the center of controversy as FEMA navigates turbulent periods, with continued scrutiny over cybersecurity and disaster response capabilities. Despite the upheaval, the threat actor behind the recent breach remains unidentified, leaving questions about the agency’s security environment unresolved.

Broader Context

Kristi Noem, as DHS Secretary, has been actively involved in initiatives to enhance national security. Within her first 200 days, she focused on fulfilling President Trump’s promise to make America safe, including securing international agreements, improving border security, and reforming DHS operations. Her approach to FEMA has been contentious; earlier, Noem expressed intentions to “eliminate” FEMA, later softening to advocate for a “remade” agency with a new deployment strategy.
Noem’s perspective aligns with a broader debate over disaster response management in the U.S. While local and state governments traditionally lead disaster response and can request FEMA assistance, Noem and others argue for more localized control over disaster funds and decision-making. Critics note shifting responsibility entirely to states could impose substantial financial burdens due to increasing frequency and severity of natural disasters.
Amid this backdrop, FEMA has faced significant challenges, including leadership turnover, management issues, and staff dissatisfaction, compounding operational difficulties. Additionally, a routine cybersecurity review uncovered major vulnerabilities allowing a threat actor to breach FEMA’s network. DHS addressed the flaws before data compromise but highlighted critical cybersecurity weaknesses.
These factors provide broader context for the recent dismissal of 24 FEMA IT experts, including key IT leaders, under Noem’s leadership amid ongoing reform efforts during operational and security challenges.