Homeland Security Secretary Kristi Noem terminated FEMA Chief Information Officer Charles Armstrong, Chief Information Security Officer Gregory Edwards, and 22 other FEMA IT employees after cybersecurity failures. A routine review uncovered a vulnerability that was addressed before any sensitive data could be stolen. DHS said the review uncovered severe lapses that allowed a threat actor to breach FEMA's network and pose risks to the department and nation. An internal FEMA email ordered employees to change passwords within two weeks due to recent cybersecurity incidents and threats. DHS cited lack of multi-factor authentication, prohibited legacy protocols, unpatched critical flaws, and poor operational visibility.
Noem's office said agency Chief Information Officer Charles Armstrong and Chief Information Security Officer Gregory Edwards were terminated, alongside 22 others. They could not be immediately reached for comment. A routine cybersecurity review of FEMA's systems uncovered the vulnerability, DHS said in a statement, which added that the vulnerability was addressed before any sensitive data could be pilfered from its systems.
An internal FEMA email dated August 18 obtained by Nextgov/FCW ordered all agency employees to change their passwords "due to recent cybersecurity incidents and threats." It required password changes within two weeks of the email being sent. The email did not provide details about the security issues. FEMA's IT employees "resisted any efforts to fix the problem," avoided scheduled inspections and "lied" to officials about the scope of the cyber vulnerabilities, the agency added.
Collection
[
|
...
]