Homeland Secretary Noem Vows to Put CISA ‘Back to Focusing on its Core Mission’
SAN FRANCISCO — Homeland Security Secretary Kristi Noem on Tuesday vowed to refocus the Cybersecurity and Infrastructure Security Agency (CISA), especially in defense of critical systems threatened by sophisticated cyberattacks from China, while beseeching the agency to return to a “back-to-basics” approach.
“We’re going to make sure that we need to put CISA back to focusing on its core mission,” Noem said in a keynote speech at the RSAC in San Francisco on Tuesday. “They were deciding what was truth and what was not. And it’s not the job of CISA to be the ‘Ministry of Truth.’ It’s to be a cybersecurity agency that works to protect this country.”
The “Ministry of Truth” reference was aimed at CISA’s misinformation and election security efforts under former head Chris Krebs, which prompted President Donald Trump to issue an executive order that stripped Krebs of his security clearance. Under Krebs, CISA established a “rumor control” website that evaluated conspiracy theories about stolen votes and votes cast by the deceased. Noem, who is overseeing deep budget cuts to CISA, claimed the agency had gone off the rails by trying to dispel disinformation.
“That’s not what the mission set was for CISA to be doing. They shouldn’t have been involved in that at all,” said Noem, who outlined new priorities for the department that include improved information sharing across government agencies, the creation of clearer blueprints for state and local response to cyber incidents, and “secure by design” practices in technology procurement.
“We’re not going to be paying for security add-ons that should have already been in the software to begin with,” Noem, the former governor of South Dakota, told interviewer José-Marie Griffiths, president of Dakota State University. “We are no longer going to be paying extra dollars, and taxpayer dollars, to rectify security lapses that never should have occurred in the first place.”
She emphasized the threat to crucial infrastructure from China. Digital assaults from Russia, Iran and North Korea have been repeatedly highlighted at the annual cybersecurity event here — particularly as artificial intelligence (AI) features have allowed bad actors to expand the scope and capabilities of sophisticated attacks across government and business systems.
“We’ve seen examples of cyber espionage like Salt Typhoon and Volt Typhoon that have been very effective against us,” Noem said. “And one of the things that had alarmed me the first time that I had been briefed on those situations coming into this role, before I was ever sworn in, was that we don’t necessarily know exactly how it happened, and we don’t know how to prevent it in the future.”
Christina Cravens, chief marketing officer and chief growth officer at Redjack, said the onus of the private sector to assist in cybersecurity might prove beneficial given the industry’s “greater understanding” of technology than government agencies.