DHS Head Accuses CISA of Acting Like “the Ministry of Truth”


The head of Homeland Security has accused the Cybersecurity and Infrastructure Security Agency (CISA) of losing sight of its original mission and behaving like “the ministry of truth.”

Kristi Noem, Secretary of Homeland Security at the US Department of Homeland Security, which CISA is part of, said the agency had got too wrapped up in tackling disinformation.

During a keynote speech on Tuesday, April 29 at the RSA 2025 Conference, she said that Congress created CISA for the core purposes of hardening federal government systems and providing cybersecurity support to local authorities, critical infrastructure and small and medium businesses to help them defend against bad actors.

“Instead, we saw CISA get into a misinformation/disinformation campaign. They were deciding what was truth and what was not and it was not the job of CISA to be the ministry of truth. It is their job to be a cybersecurity agency that works to protect this country,” Noem commented.

As a result, President Trump’s administration is assessing the work of the agency and is introducing reforms to ensure it is focusing on the core functions it was created for, she added.

One aspect of these reforms appears to be improving coordination across government, including among intelligence agencies, and threat intelligence communications between CISA and the states.

Noem Addresses Criticisms of Cyber Cutbacks

Noem emphasized that CISA will continue to be the nation’s cyber defense agency going forward.

“I know the press has covered the role of Homeland Security and what we have done in CISA as far with some of the reforms and efficiencies as a bad thing. I would encourage you to say just wait until you see what we’re able to do. There are reforms going on that are going to be much more responsive,” she stated.

Since the Trump administration took office in January 2025, there have been numerous reports of cutbacks to federal government cybersecurity functions, which experts have warned could significantly weaken the nation’s ability to be resilient against rising threats.

In March, it was reported that around 300 personnel within the agency had their contracts terminated alongside significant funding cuts for cybersecurity projects.

Cutbacks have reportedly had a significant impact on CISA’s election security work, including the termination of federally funded activities supporting the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC).

In April, the cybersecurity community discovered, in a letter signed by Yosry Barsoum, vice president of the US-based non-profit MITRE, that the US government was not going to renew the organization’s contract to manage the CVE and Common Weakness Enumeration (CWE) programs.

However, CISA subsequently announced an 11-month extension for the program just before the contract was set to expire on April 16.

China Remains Primary Threat to US

In her RSA address, Noem warned that the biggest cyber threat facing the US continues to come from China.

This threat was highlighted by the discovery of several Chinese espionage campaigns that infiltrated federal government and critical infrastructure systems in the past year.

This includes the APT actors Volt Typhoon and Salt Typhoon remaining undetected on such networks over long periods, including in essential sectors such as communications, energy and water.

Noem said these infiltrations were a demonstration from China that it could easily shut down US critical infrastructure.

“One of the things that alarmed me the first time I was briefed on those situations [Volt Typhoon and Salt Typhoon] before I was sworn in was that we don’t necessarily know how it happened and we don’t know how to prevent it in the future – my goal is to make sure that we do have more of those answers,” Noem commented.

Criticisms of Secure by Design Strategy

Noem appeared to take a swipe at CISA’s secure by design strategy, suggesting that it amounted to little more than a social media awareness campaign.

CISA developed a Secure by Design initiative in April 2023 to explain how software manufacturers can ensure security is built into their products, such as ensuring known vulnerabilities are not present.

A Secure by Design Pledge was then announced in May 2024, encouraging manufacturers to commit to making progress across a range of secure by design principles.

Noem insisted that the Trump administration takes security by design very seriously and will be doing more to enforce these practices among technology providers.

“To all of you out there who are working on making sure that you’re building good systems, I want you to know that the approach from the government is going to be very different now,” Noem stated.

She also warned tech manufacturers, including cloud and internet service providers, that the federal government will no longer accept digital products that do not have security built into them, and will make similar recommendations to states and local governments.

“At the Department of Homeland Security, we’re going to be using our purchasing power to demand that we have secure products on the market,” Noem said.

She added: “We’re not going to be paying for security add-ons that should have been in the software to begin with.”

Earlier in April, two top CISA officials involved in the Security by Design program resigned from the agency.

Bob Lord, a Senior Technical Advisor at the agency since April 2022, and Lauren Zabierek, Senior Advisor since January 2023, both announced their departures via LinkedIn. Each highlighted their pride in working on the Secure by Design initiative.
