Trump taps border hawk to head DHS. Will Noem’s ‘enthusiasm’ extend to digital domain?

November 23, 2024 TH Author

Analysis President-elect Donald Trump has announced several unorthodox nominations for his cabinet over the last two weeks, including South Dakota Governor Kristi Noem, whom he tapped to serve as Homeland Security Secretary.

Noem, a Trump loyalist and conservative Republican, is known for her tough stance on border control and hawkish immigration views (plus shooting the family puppy). In accepting the nomination, Noem promised to “make America SAFE again,” and she’ll undoubtedly be a staunch supporter of Trump’s mass deportation efforts — which is likely what earned her Trump’s vote for the post.

If the US Senate confirms Noem, she’ll also play a role in government cybersecurity as the US Cybersecurity and Infrastructure Agency sits as an independent federal agency under the larger DHS umbrella. Amid an uptick in Russian and Chinese digital intrusions, American cybersecurity plays an increasing role in homeland security concerns.

CISA’s focus on countering online disinformation — especially as it relates to election security and Trump’s loss to Joe Biden in 2020 — has drawn criticism from the president-elect and like-minded lawmakers, prompting calls to rein in CISA’s mission or even eliminate the agency altogether.

As governor, Noem supported infosec initiatives at the state level. However, she also twice refused millions of dollars in federal grants to support state and local governments’ cybersecurity efforts.

“Kristi Noem has a tough job ahead of her,” former White House CIO Theresa Payton told The Register, adding that Noem’s appointment comes at “a pivotal moment for US government cybersecurity.”

State-led efforts vs. federal oversight

“Governor Noem’s approach naturally reflects a governor’s inclination toward states’ rights, favoring state-led initiatives over federal oversight in cybersecurity. This perspective has its advantages, particularly in fostering localized solutions that are tailored to the unique needs of individual communities,” Payton continued.

“However, with the growing scale and sophistication of threats like infiltration of our gas pipeline, telecom systems, email platforms, — especially those targeting federal systems and national infrastructure — a streamlined approach at the federal level is more critical than ever.”

Noem likes to talk about cybersecurity being “South Dakota’s next big industry,” and during her time in office, the state has added jobs and invested in university programs and research. Her website cites 4,000 jobs added in scientific and technical services over five years, and claims a 25 percent growth rate in the sector.

Her track record shows she understands the importance of cybersecurity, particularly in local initiatives as seen in South Dakota

Additionally, the US National Security Agency has designated Dakota State University as a “Center of Academic Excellence in Cyber Operations,” and Noem says her administration is investing $90 million to expand the university’s infosec programs, which includes building a second cyber-research and development hub in Sioux Falls.

“Her track record shows she understands the importance of cybersecurity, particularly in local initiatives as seen in South Dakota,” Payton said. “She has championed investments in university programs and established the Cybercrime Prevention Consortium to protect state-level digital assets and infrastructure. These actions highlight her recognition of cybersecurity as a growing priority.”

Noem also took a hard stance on TikTok posing a national security threat to Americans, banning the video streaming app from state-owned devices in 2022. At the time, she cited TikTok’s Chinese owner, ByteDance, and risks posed by its “broad data collection policies [PDF].”

This, however, may be a tough position for Noem to maintain under the new administration. Trump supported a TikTok ban the first time he was in the Oval Office, and signed an Executive Order for this purpose in 2020. More recently, however, Trump has changed course and pledged to “save TikTok.”

While TikTok is likely to get a pass under the incoming Trump administration, CISA may not fare as well.

What’s next for CISA?

“CISA is one of agencies where the Trump Administration is pretty clear what it wants to do,” Bambenek Consulting President John Bambenek told The Register.

“It wants to end any role in countering disinformation/misinformation and have the agency focus solely on protecting the civilian government networks, public-private partnerships and information sharing on emerging threats, and coordinating protection of the nation’s critical infrastructure,” he said. “I imagine much of this will be executed upon quickly.”

One thing we do know: CISA Director Jen Easterly won’t be sticking around. She will step down from the post prior to Trump being sworn in, a CISA spokesperson told The Register.

“All appointees of the Biden Administration will vacate their positions by the time the new Administration takes office at noon on January 20,” the spokesperson said. “At CISA, we are fully committed to a seamless transition.”

While CISA, and the attention given to it by DHS, will likely “fade even further to the background in the context of a Trump administration,” according to Rex Booth, CISO at SailPoint, there are a couple ways in which the agency may draw Noem’s ire.

“By countering mis/disinformation campaigns, primarily executed by Russia, or by weighing in on election security,” Booth told The Register. “Both issues have been hot button issues for past CISA directors, and I expect the next crop of CISA leadership under Noem-Trump will steer far clear of them.”

One thing Booth says he’ll keep an eye on is whether “Noem’s enthusiasm for border security extends to the digital domain.”

While the US “desperately” needs to do a better job securing critical infrastructure, “the battles we wage in the cyber domain don’t resonate with the public or in politics,” he noted.

“Cyber remains a secondary concern to topics involving borders and soldiers and guns,” Booth opined. “But the impact of a cyber attack on our power grids or water supply could exceed any domestic impact since the war of 1812, and any administration regardless of political party would be smart to pay attention.” ®