DHS Secretary Noem Fires Two Dozen at FEMA Citing Cyber Lapses

Homeland Security Secretary Kristi Noem announced that she fired two dozen employees from the Federal Emergency Management Agency after a review determined significant flaws had allowed a hacker to access to FEMA’s network.

The employees “brazenly neglected basic security protocols,” including “an agencywide lack of multifactor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities and inadequate operational visibility,” according to a statement released on Friday afternoon.

“FEMA’s career IT leadership failed on every level,” Noem said. “These deep-state individuals were more interested in covering up their failures than protecting the Homeland and American citizens’ personal data.”

The firings followed a routine cybersecurity review that determined “significant security vulnerabilities that gave a threat actor access to FEMA’s network,” according to the statement. The problems were discovered before any Americans were directly impacted, the department said. Additional details about the breach, including who was responsible, weren’t immediately available.

The leaders of FEMA’s IT team “avoided scheduled inspections and lied to officials about the scope and scale of the cyber vulnerabilities,” according to the statement.

Noem specifically named FEMA Chief Information Officer Charles Armstrong and Chief Information Security Officer Gregory Edwards as two of the 24 information technology employees who were “directly responsible” and “immediately terminated.” Armstrong and Edwards didn’t immediately respond to requests for comment.

Homeland Security didn’t respond to a request for further information.

Photo: The Federal Emergency Management Agency (FEMA) headquarters in Washington, DC. Photographer: Stefani Reynolds/Bloomberg