
Secretary Kristi Noem fired over two dozen FEMA IT officials after discovering they allowed hackers to steal federal employee data for weeks while covering up the massive security breach.
Story Highlights
- Hackers exploited a Citrix vulnerability to access FEMA and CBP employee data across five southern border states for nearly a month.
- FEMA IT leadership, including the CIO and CISO, was terminated for gross negligence and resistance to security protocols.
- The breach affected Region 6, which encompasses Texas, Arkansas, Louisiana, New Mexico, and Oklahoma, during the peak hurricane season.
- DHS initially denied data theft but later confirmed hackers successfully exfiltrated sensitive employee information.
Bureaucratic Negligence Exposed Critical Vulnerabilities
The June 2025 cyber attack began when hackers exploited the CitrixBleed 2.0 vulnerability to penetrate FEMA’s virtual desktop infrastructure using compromised credentials.
The breach specifically targeted Region 6, which oversees disaster response across five critical southern border states.
Despite DHS security operations being notified on July 7th, the threat actors continued accessing systems until July 16th, demonstrating a catastrophic failure in federal cybersecurity response protocols.
What makes this breach particularly egregious is the systematic negligence displayed by FEMA’s IT leadership. According to internal documents, the agency lacked basic multi-factor authentication and continued using outdated security protocols despite known vulnerabilities.
The hackers had unfettered access to sensitive employee data while federal IT officials reportedly resisted remediation efforts and failed to implement industry-standard security measures that any competent private sector organization would consider mandatory.
Deep State Resistance Hampered Security Response
Secretary Noem’s decisive action in terminating FEMA’s top technology officers, including CIO Charles Armstrong and CISO Gregory Edwards, reflects the Trump administration’s commitment to draining the swamp of incompetent bureaucrats.
These officials not only failed to protect American taxpayer-funded systems but also actively resisted oversight and accountability measures. Their termination sends a clear message that the era of consequence-free government employment is over.
The timing of this breach is particularly concerning, given Region 6’s coverage of critical border states during ongoing immigration challenges. FEMA and CBP employee data in the hands of foreign adversaries could compromise national security operations along our southern border.
This represents exactly the kind of bureaucratic failure that frustrated Americans voted to eliminate in 2024, where entrenched government employees prioritize self-preservation over protecting American interests.
Systemic Failures Reveal Deeper Government Problems
The breach timeline reveals shocking incompetence that would never be tolerated in the private sector. Hackers maintained access from June 22nd through multiple remediation attempts, with FEMA only ordering agency-wide password changes on August 18th—nearly two months after the initial intrusion.
The fact that threat actors attempted to install additional extraction software on July 14th, while federal officials apparently stood by helplessly, demonstrates the complete breakdown of cybersecurity governance under the previous administration.
Even more troubling is DHS’s initial false claim that no sensitive data was compromised, only to later admit that hackers successfully exfiltrated information from Region 6 servers.
This pattern of dishonesty and cover-up attempts typifies the deep state mentality that puts political face-saving above transparency and accountability to the American people.
Cybersecurity experts have noted that the CitrixBleed vulnerability was well known in the security community, making FEMA’s failure to patch these systems inexcusable.
Accountability Measures Restore Public Trust
Secretary Noem’s swift termination of over two dozen FEMA IT personnel demonstrates the Trump administration’s commitment to results-oriented governance.
Unlike the previous administration’s tendency to promote failure and protect incompetent bureaucrats, this decisive action shows that federal employees will be held to the same performance standards expected in the private sector. The message is clear: protect American data and infrastructure, or find another job.
The broader implications extend beyond this single breach to represent a fundamental shift in federal accountability. Previous administrations allowed agencies like FEMA to operate with minimal oversight while wasting taxpayer dollars on outdated systems and ineffective personnel.
This incident proves that decisive leadership and accountability measures are essential for protecting American interests from both foreign adversaries and domestic bureaucratic incompetence.
Sources:
Nextgov/FCW – Widespread breach let hackers steal employee data from FEMA and CBP
CyberNews – FEMA, Customs and Border Protection data breach
DHS – FEMA awards nearly $3.5 billion to help states manage emergency preparedness








