The Department of Homeland Security under Secretary Kristi Noem recently witnessed a sweeping overhaul as 24 employees from the Federal Emergency Management Agency were terminated, with the dismissal including top IT leadership, as the New York Post reports.

Noem attributed the dismissals to serious cybersecurity lapses within FEMA, which left government networks and operations vulnerable to threats.

The individuals dismissed included both the chief information officer, Charles Armstrong, and the chief information security officer, Gregory Edwards, along with 22 other IT staff members.

This action was taken on Friday following an internal cybersecurity review ordered by Noem. The conclusion drawn from the review revealed that a threat had gained unauthorized access to FEMA’s network and exposed further weaknesses in its cybersecurity framework.

Investigation reveals repeated missteps

While the Department of Homeland Security successfully identified and shut down the cyber threat, FEMA's IT team inadvertently reopened the door to the threat.

According to a DHS representative, the team mistakenly reactivated the threat's access credentials, compounding the already critical situation.

The process brought to light the long-standing issues that FEMA’s career IT leadership had failed to address. Secretary Noem commented on the seriousness of the situation, emphasizing that FEMA’s leadership demonstrated incompetence at multiple levels, risking the safety of American citizens.

Furthermore, the DHS spokesperson highlighted misleading statements from IT leaders at FEMA who understated the extent of the vulnerabilities and even skipped scheduled inspections. Such actions painted a worrying picture of negligence within the department's operation.

Highlighting broader IT deficiencies

Among the various deficiencies noted in the findings, a significant gap identified was the absence of multi-factor authentication across FEMA systems, which left them exposed to cyber threats. Other critical vulnerabilities had also been ignored, deepening the risk of intrusion.

The federal agency had invested nearly half-a-billion dollars on its IT and cybersecurity measures in fiscal year 2025, heightening concerns over how such critical defenses could be susceptible to exploitation.

Raising further alarm was the use of Microsoft software, which according to a report by the tech giant on July 23, had been targeted by Chinese state-sponsored groups known as Linen Typhoon and Violet Typhoon.

These actors had exploited weaknesses in SharePoint servers, marking a broader national security concern.

National implications, responses unfold

This same group of hackers achieved widespread recognition following a breach of the National Nuclear Security Administration’s SharePoint systems, signifying what could become a recurring national security threat.

In response to these alarming developments, Secretary Noem expressed sharp criticism of FEMA’s long-standing officials, labeling them as resistant to change and indicating that they prioritized concealing their mishaps over public safety.

Attempting to reassure the public, a FEMA spokesperson acknowledged the critical flaw but noted that no American citizens had been directly impacted by the cyber occurrences. However, the potential risk posed by such breaches remains a point of contention.

Immediate actions taken, further steps awaited

The dismissals, deemed a necessary step by Noem, underline the urgent need for streamlined and reinforced cybersecurity measures within FEMA and other federal agencies. The push for more robust oversight and adherence to security protocols is expected to follow this dramatic reshuffling.

As the Department of Homeland Security moves forward, the focus remains on ensuring that dedicated resources effectively safeguard national infrastructure against similar incidents. Ensuring coordinated and strategic upgrades to cybersecurity practices across all government networks is likely to become a priority.

This recent purging signals a significant shift in federal cyber policy stewardship, with the goal of establishing reinforced defenses against increased global cybersecurity threats.