SAN FRANCISCO — Homeland Security Secretary Kristi Noem used a keynote at the RSAC on Tuesday to call for a realignment of the Cybersecurity and Infrastructure Security Agency (CISA), sharply criticizing the agency’s past focus on disinformation and warning against federal overreach in cybersecurity policy.
Speaking to a packed audience, Noem said CISA had strayed beyond its founding purpose. Without naming former
CISA director Chris Krebs —
fired by President Donald Trump in 2020 for publicly affirming the legitimacy of the presidential election — Noem took direct aim at the agency’s previous work combating disinformation.
(For Complete Live RSAC 2025 Coverage by SC Media Visit SCWorld.com/RSAC)“CISA is not the Ministry of Truth,” she said. “It is the job of CISA to be a cybersecurity agency that works to protect this country.”
CISA was created by Congress in 2018, during Trump’s first term, with a mission to help safeguard federal systems and critical infrastructure from cyber threats. The agency played a high-profile role in securing the 2020 elections, particularly in pushing back on election misinformation. Its public posture, which included real-time debunking of election-fraud claims, drew the ire of Trump allies and led to Krebs' dismissal.
The current Trump administration has launched a series of moves widely seen as politicizing and undermining U.S. cybersecurity. Most notably, it revoked
Krebs' security clearance and
suspended clearances for employees at SentinelOne, where Krebs previously worked.
'Getting CISA back on mission'
Noem said her department is conducting a formal review of CISA, including its physical headquarters, funding levels and personnel. She suggested the agency would be restructured to focus on technical assistance to state and local governments and small businesses, with an emphasis on "operationalizing" its work.
“We are not eliminating CISA,” Noem said in a follow-up exchange with Dakota State University President José-Marie Griffiths. “But we are making sure it does what it was created to do: hunt and harden systems. That’s what the American people need.”
Her remarks come amid reports that DHS has canceled certain CISA infrastructure projects and reallocated funding, including pausing construction of a long-planned headquarters. The administration has also flirted with
cutting funding for essential programs such as MITRE.
During Trump's first 100 days in office, CISA has experienced
substantial workforce reductions, with reports indicating there are plans to cut staff levels in half, eliminate up to 1,300 positions,
according to a report by The Record. Additionally, the agency terminated approximately $10 million in annual funding to the Center for Internet Security, according to a
report by the Associated Press.
Asked to address concerns that these moves signal a de-prioritization of cybersecurity, Noem argued the opposite.
“I don’t think you’ve ever seen this much of a DHS contingent here,” she said, noting that her deputy, Troy Edgar, and the incoming CISA director were also present at the conference. “This is a priority for President Trump.”
Targeting China, downsizing Washington
Noem described China as the United States’ “biggest cyber threat,” citing the recent Office of the Director of National Intelligence’s 2025 threat assessment. She said Chinese cyber operations often begin by infiltrating small businesses and local governments before moving upstream.
“The biggest systems in our federal government are only as strong as the weakest link,” she said.
In response, Noem said DHS would build a closer working relationship with states, encouraging governors to establish secure communications facilities and designate cyber liaisons. She described a need for “faster, more efficient” response structures and suggested state National Guard units could be used in cyber incident response.
Still, Noem made clear that federal reach would be curtailed. She reiterated a vision of a downsized Washington and emphasized that “the federal government does not have all the answers.”
Guardrails, not mandates
Throughout her address and the Q&A, Noem returned to the idea that innovation should come from the private sector and that government’s role is to support, not dictate, cybersecurity strategy.
“We need to reduce regulation,” she said. “But we still need to build guardrails — just not in a way that stifles innovation.”
She pledged to use DHS’s procurement power to enforce “secure by design” principles, warning vendors that the agency would no longer pay to patch vulnerabilities in software that should have been secure from the start.
“The time is now,” Noem said. “We will not continue to use taxpayer dollars to pay for security that should have been baked into products in the first place.”
Cutting research, redefining priorities
Noem also confirmed the closure of DHS’s Science and Technology Directorate, the agency’s main research arm, a move that has raised alarms in the academic and cybersecurity communities. She defended the decision, saying federal research was often inefficient and that innovation should instead come from universities and private-sector partners.
“I rarely find the best answers inside government,” she said. “They usually come from outside — academia, people on the front lines.”
She added that DHS would partner with institutions like Dakota State University, which has become a cybersecurity training hub, to drive workforce development and research.
The Science and Technology Directorate has played a key role in U.S. cybersecurity innovation, supporting projects like the
IMPACT program (archived link) for cyber-risk data sharing, the Autonomic Intelligent Cyber Sensor for protecting critical infrastructure, and the Silicon Valley Innovation Program, which brings private-sector technology into government use.
The politics behind the pivot
The changes outlined by Noem mark a stark departure from the Biden administration’s cyber policy, which expanded CISA’s role and treated disinformation as a cybersecurity threat. Under former President Joe Biden, CISA became a central coordinating body for critical infrastructure defense, ransomware response, and digital trust-building efforts.
Noem’s keynote signals a different approach — one that leans on state and private-sector leadership, seeks to curb federal intervention, and views prior CISA activities as ideological overreach.
Whether that strategy will improve national resilience or expose critical gaps remains to be seen. But in San Francisco, Noem left little doubt: The Trump administration’s cybersecurity policy is under reconstruction — and some pillars of the old model are coming down.
(For Complete Live RSAC 2025 Coverage by SC Media Visit SCWorld.com/RSAC)
