Date: 2025-09-30

Earlier this year, a hacker managed to gain access to the computer networks of the Federal Emergency Management Agency (FEMA) and stayed in them for several months, stealing data about FEMA and US Customs and Border Protection (CBP) employees.

Nextgov/FCW, a news outlet, saw a summary of the Department of Homeland Security (DHS) notification sent to FEMA in July. It said that a hacker used compromised credentials to get into the agency’s network through Citrix Systems’ remote desktop software.

FEMA’s Region 6, which includes Arkansas, Louisiana, New Mexico, Oklahoma, and Texas, was targeted. Data was nabbed from servers in the same region.

The breach began on June 22nd, and even though DHS security operations staff were notified of the breach on July 7th, the threat actor kept digging around the network for weeks.

According to Nextgov/FCW sources, the handling of the breach pushed Homeland Security Secretary Kristi Noem to fire at least two dozen FEMA employees, including executives at the IT Department.

The firings were announced in late August, after a routine review uncovered a vulnerability “that allowed the threat actor to breach FEMA’s network and threaten the entire department and the nation as a whole.”

“When DHS stepped in to fix the problem, entrenched bureaucrats worked to prevent us from solving the problem and downplayed just how bad this breach was,” said Noem at the time.

“These deep-state individuals were more interested in covering up their failures than in protecting the Homeland and American citizens’ personal data, so I terminated them immediately. The American people deserve results from their government.”

Internal meeting notes seen by Nextgov/FCW also indicate that Citrix failed to convey the full scale of the threat to FEMA, leaving several IT staff hanging.

According to DHS, FEMA oversights included an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failure to fix known and critical vulnerabilities, and inadequate operational visibility.

Some of the aforementioned states, of course, sit on the US southern border. That region has long been a flashpoint in the Trump administration's immigration policies.

Noem faced criticism earlier this year for creating a bottleneck at FEMA, leading to delays in deploying critical search-and-rescue teams during deadly floods in Texas. The delays were reportedly caused by her decision to personally approve all payments over $100,000.

However, Noem reportedly used her authority to fast-track millions in disaster relief for a Florida tourist pier after a campaign donor intervened on the mayor’s behalf.

Finally, due to claims in the Government Accountability Office report that FEMA violated federal law six times under Noem, Democrats are calling for her resignation.

