Secretary of Homeland Security Kristi Noem outlined her plans on Tuesday for the Cybersecurity and Infrastructure Security Agency (CISA), which she said is undergoing an assessment to better align the nation’s cyber defense agency to its original mission.
Speaking at the 2025 RSAC Conference in San Francisco, Noem defended recent cuts to CISA’s workforce and other programs.
“I know the press has covered the role of Homeland Security and what we have done in CISA, as far as some of the reforms and efficiencies and some of the initiatives and task forces and advisory councils that we’re changing as a bad thing,” Noem said during her speech to the cyber community.
“I would encourage you to say, ‘Just wait till you see what we’re able to do,’ that there are reforms going on that [are] going to be much more responsive,” she said.
“Instead of just talking about cybersecurity, we’re going to do it,” the DHS secretary said. “You’re going to have a seat at the table that will be much bigger and will help you partner with us in a way that really will make sure that there’s consequences in place for bad actors, and that we make sure that we are able to bring more security to the American people.”
CISA has undergone recent efforts to cut its workforce and disband programs such as the Cyber Safety Review Board (CSRB).
While the roughly 20 private and public sector experts who served on the CSRB have been dismissed, the Department of Homeland Security (DHS) is considering reconstituting the board. Deputy Secretary Troy Edgar suggested CISA “overstepped its boundaries and authorities” in regards to the CSRB, saying CISA “needs to be reeled in, and it starts with that steering committee.”
Secretary Noem shared similar sentiments during her speech, explaining, “We need to put CISA back on mission.”
Noem defended the decision to end CISA’s misinformation and disinformation campaigns, arguing, “It’s not the job of CISA to be the Ministry of Truth. It is the job to be a cybersecurity agency that works to protect this country.”
“We are conducting an assessment of this office to make sure that we are not overreaching, that we’re returning money back to taxpayers, and we’re realigning the workforce to focus on what the mission is that Congress has laid out,” Noem said.
The secretary said CISA is working with members of Congress “in a new way” to ensure they have “a uniform approach and a national security approach” to addressing cyber threats.
Additionally, Noem outlined several other priorities for the agency, including plans to promote Secure by Design practices in technology procurement.
She said DHS will be making recommendations to state and local agencies and government entities to have Secure by Design products in place in accordance with the Federal Acquisition Regulation.
“We’re not going to be paying for security add-ons that should have already been in the software to begin with, that should have been in the product that we’re buying,” Noem said. “We’re no longer going to be paying for extra dollars and taxpayer dollars to rectify security lapses that never should have occurred in the first place.”
Noem also called for the reauthorization of the Cybersecurity Information Sharing Act – a law that is set to expire on Sept. 30 absent congressional action to renew it. Just last week, Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., introduced the Cybersecurity Information Sharing Extension Act, which would extend the existing law to 2035.
“I’m going to ask for your help immediately, if you would contact us and give us some recommendations for what we could put forward into memos or into executive orders immediately that would help you streamline our approach to how we do cybersecurity in this country, but that could be codified into law through that reauthorization act,” Noem said.
Finally, she said CISA is also reviewing all of the private sector feedback on the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. Noem said CISA is ensuring that feedback is incorporated into “updates and policies that would be put into statute.”
“This framework has been discussed for years, but it’s time to take action and to put it into place,” Noem concluded.