CISA’s Future & Purpose Under Scrutiny From New DHS Secretary

The Cybersecurity and Infrastructure Security Agency, a once-growing arm of the Department of Homeland Security concentrated on protecting federal data and information, is now under the scrutiny of a Trump cabinet keen on efficiency and reduction. At the RSA Conference on April 30, DHS Secretary and 2025 Wash100 Award winner Kristi Noem made clear that CISA should be refocused to pursue its originally intended purpose to “hunt and harden systems.” It has overstepped, Noem suggested, in recent years and tried to act as a “Ministry of Truth,” SC Media reported.

Since President Trump returned to office in January, CISA has let go a significant number of its staff and The Record has published that there is serious talk of cutting the agency in half and dismissing up to 1,300 personnel. Noem at the conference was adamant that the agency would stay afloat but sees a need for a renewed effort toward operationalization.

CISA Executive Director Bridget Bean told Potomac Officers Club that she plans to follow up on Noem’s remarks at the 2025 Cyber Summit on Thursday, May 15, and share how the agency plans to move forward. Register for the event today to gain exclusive insight on how your GovCon business can be a part of the new CISA’s fight against cybercrime.

Noem’s New Direction for CISA

The secretary of homeland security asserted that “the federal government does not have all the answers” and submitted her belief that it’s in the best interest of the American people to look to the private sector and academia for cybersecurity innovation and support. A more robust support system at the state level needs to take precedence and that CISA could work to provide technical assistance to state and local initiatives.

Dovetailing with her contention that the private sector is the nexus of cyber thought leadership, Noem advocated in her remarks for the reauthorization of the decade-old Cybersecurity Information Sharing Extension Act, which enables companies to share cyber threat intelligence with the federal government. The secretary said that continuing the law, which was reintroduced in Congress by a pair of bipartisan senators, is a key rationale to diminishing CISA’s power. Through it, private sector entities can tip off the government about software vulnerabilities, malware, or suspicious IP addresses—tell-tale signs of impending cyber threats.

China, Secure by Design—Top Concerns

When Noem stepped into her role, she admitted to being surprised how little was known about hacker groups Salt Typhoon and Volt Typhoon, both linked to China. The country is the most clear threat, on a cyber level and more broadly, to the U.S., she argued, and it’s CISA’s job to get “more of those answers and more tools to be able to stop and prevent those kinds of invasions into our country.” Bridget Bean is committed to speaking about China and how the agency is working to block and diffuse its aggression in her Cyber Summit keynote.

A waste of CISA’s time and efforts is the amount of procured products that fail to incorporate necessary cyber protections from the jump, Noem said. She vowed that CISA will no longer remedy this problem and will enforce software makers to build proper precautions into their offerings, rendering them ‘secure by design.’

“The time is now. We will not continue to use taxpayer dollars to pay for security that should have been baked into products in the first place,” the secretary issued.

Secure by design will be another item on Bridget Bean’s agenda this coming Thursday, May 15, at the Potomac Officers Club’s 2025 Cyber Summit. You won’t want to miss this thrilling kick-off to a packed day of GovCon networking, new partnerships, fearless exploration of consequential cyber topics and much more.