With the RSA conference this week, Homeland Security Secretary Kristi Noem announced plans to refocus the Cybersecurity and Infrastructure Security Agency on its core mission of protecting critical infrastructure from sophisticated threats, particularly those posed by China. Speaking at the 2025 RSA Conference, Noem criticized previous leadership for what she termed “mission drift,” indicating that the agency should not engage in misinformation efforts, referring to these as inappropriate. Noem emphasized the need for improved information sharing across government agencies and a push for secure technology procurement. She stated, “We are no longer going to be paying extra dollars, and taxpayer dollars, to rectify security lapses that never should have occurred in the first place.” Additionally, she addressed the restructuring of advisory bodies within the agency and the balance between federal oversight and state-level innovation, highlighting the vulnerabilities of aging state IT systems.
The Take It Down Act has passed the House with overwhelming support and is now headed to President Donald Trump’s desk for signature. This legislation mandates that social media companies remove flagged nonconsensual sexual images, including those generated by artificial intelligence, within 48 hours of notification. The bill was approved with a vote of 409 to 2, reflecting a rare bipartisan effort amidst ongoing concerns about online safety and digital abuse. Critics warn, however, that the legislation could be misused to suppress free speech and may disproportionately affect smaller platforms that lack the resources to comply quickly. The Electronic Frontier Foundation has expressed concerns that the bill could lead to a reduction in encryption practices on these platforms, potentially jeopardizing user privacy. Despite these warnings, the bill has garnered support from prominent figures, including First Lady Melania Trump, and has been praised by companies such as Google and Snap for its intent to protect victims of nonconsensual content.
Why do we care?
MSPs and MSSPs working with public sector clients, utilities, or regulated industries need to track this shift closely. Expect a return to hardened perimeter defense, secure-by-design procurement, and state-vs-federal jurisdiction tension—particularly if CISA limits itself to “cyber-physical” threats. Let’s see if Noem carries through with her statement about not paying for lapses that shouldn’t have happened.
The Take It Down Act sets a federal enforcement clock for content moderation and opens the door to AI-focused takedown requests. That’s a new compliance layer, even for mid-sized platforms and online communities—including some IT service providers that host customer portals or collaboration platforms. If you host content or apps for clients (forums, wikis, customer content platforms), you may face legal exposure if takedown workflows aren’t in place. Yes, this should mostly be consumer side… but this could happen on any platform.