U.S. Federal Cyber Leadership Turmoil and CISA Policy Disruptions
U.S. federal cyber operations faced heightened uncertainty amid leadership turnover and staffing reductions at CISA, raising concerns about the agency’s capacity to execute its mission. Reporting indicated acting director Madhu Gottumukkala was replaced by Nick Andersen following controversies including alleged mishandling of sensitive information, while CISA also lost its CIO and reportedly saw staffing reduced by roughly one-third. Separately, Senate confirmation dynamics continued to affect cyber leadership: Sen. Ron Wyden opposed the nomination of Lt. Gen. Joshua Rudd to lead U.S. Cyber Command and the NSA, citing concerns about Rudd’s experience and his familiarity with constitutional rights, while the agencies remained without a permanent chief.
CISA’s policy and guidance output continued but faced headwinds from broader federal disruptions. CISA published new insider-threat program guidance centered on the POEM framework (Plan, Organize, Execute, Maintain) to help organizations build multi-disciplinary insider threat management teams spanning physical security, cybersecurity, HR/personnel, and reporting/analysis functions. At the same time, a partial DHS shutdown was reported to be stalling progress on the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rulemaking, complicating compliance planning for critical infrastructure entities awaiting clarity on incident reporting requirements and enforcement expectations.
Timeline
Apr 3, 2026
Trump proposes $707 million cut to CISA's FY2027 budget
On April 3, 2026, President Trump proposed cutting $707 million from CISA's fiscal year 2027 budget, framing the reduction as a refocus on the agency's core cybersecurity mission. The proposal would eliminate or reduce programs tied to misinformation, stakeholder engagement, international affairs, and other functions, raising concerns about weakened coordination with government and private-sector partners.
Mar 2, 2026
Sean Plankey nominated as permanent CISA director
Sean Plankey was nominated to serve as CISA's permanent director, but his Senate confirmation remained pending and was reportedly delayed by demands to release a report on telecom cybersecurity flaws tied to Salt Typhoon activity.
Mar 2, 2026
CISA staffing cut by roughly one-third amid leadership turnover
Over the past year, CISA reportedly lost about one-third of its staff and also saw the departure of Chief Information Officer Bob Costello, prompting concerns about the agency's operational capacity and security posture.
Mar 2, 2026
Nick Andersen becomes CISA acting director after Madhu Gottumukkala
Nick Andersen replaced Madhu Gottumukkala as CISA's acting director following controversies during Gottumukkala's tenure, including reports involving sensitive document handling and a failed counterintelligence polygraph.
Mar 2, 2026
Partial DHS shutdown delays CIRCIA rulemaking progress
A partial U.S. government shutdown affecting the Department of Homeland Security stalled progress on CISA's cyber incident reporting rule, complicating compliance planning for critical infrastructure organizations.
Feb 27, 2026
Sen. Ron Wyden opposes Joshua Rudd's NSA/Cybercom nomination
Sen. Ron Wyden entered a letter into the Congressional Record opposing Army Lt. Gen. Joshua Rudd's nomination to lead the NSA and U.S. Cyber Command, arguing that Rudd lacks sufficient experience and understanding of constitutional rights for the role.
Feb 1, 2026
CISA seeks additional feedback on draft CIRCIA rule
In February 2026, CISA announced it was seeking additional feedback on its draft CIRCIA incident reporting rule, its first major update since industry comments were submitted in 2024.
Jan 28, 2026
CISA publishes insider threat management team guidance
On January 28, 2026, CISA released guidance titled "Assembling a Multi-Disciplinary Insider Threat Management Team" to help organizations build insider threat programs using its four-phase POEM framework.
Jan 26, 2026
CISA, FBI, and NSA withdraw from RSAC after Jen Easterly's hiring
Eight days after RSAC appointed former CISA Director Jen Easterly as CEO, CISA, the FBI, and the NSA withdrew from participation in the conference and their officials were removed from the event schedule. The move disrupted planned panels on public-private partnerships, incident response, and nation-state threats, marking a break from years of federal participation in RSAC.
Apr 1, 2025
Gen. Timothy Haugh removed from NSA and Cyber Command leadership
Gen. Timothy Haugh was removed from leadership of the National Security Agency and U.S. Cyber Command in April 2025, leaving both organizations without a permanent chief for months.
Jun 1, 2024
CISA receives industry comments on draft CIRCIA reporting rule
Industry comments on CISA's draft Cyber Incident Reporting for Critical Infrastructure Act rule were submitted in June 2024, marking a key step in the agency's incident reporting rulemaking process.
Related Stories

CISA Capacity Degraded by Personnel Cuts, Program Closures, and Leadership Vacancies
Bipartisan lawmakers and private-sector cybersecurity leaders warned that the U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has been significantly weakened after roughly a year of personnel cuts and layoffs under the second Trump administration, with reporting indicating the agency has lost about **one-third of its workforce** and shuttered or reduced entire divisions. Sources described diminished ability to execute core missions such as coordinating with industry and protecting federal civilian networks, with some organizations reportedly seeking alternatives (industry alliances, outside consultants, or direct government-to-government partnerships) rather than relying on CISA support. Reporting also tied the degradation to a prolonged **leadership vacuum**—with the administration’s nominee **Sean Plankey** not confirmed and Acting Director **Madhu Gottumukkala** criticized by some sources as struggling to lead—alongside political and operational pressures that deprioritized the agency. Specific capability impacts cited include reduced **counter-ransomware** efforts, work to promote **secure software development**, and losses affecting **election security** functions; additional strain was attributed to reassignment of staff to other DHS priorities and to a partial federal government shutdown that further reduced available staffing levels, raising concerns about CISA’s readiness to respond to a major cyber crisis.
1 month ago
US Federal Cyber and IT Leadership Turnover and Confirmation Disputes
US federal cyber and IT leadership saw multiple high-profile personnel moves, including a planned transition at the **Cybersecurity and Infrastructure Security Agency (CISA)**. Acting director **Madhu Gottumukkala** is expected to leave CISA for a new Department of Homeland Security role as director of strategic implementation, with **Nick Andersen** (CISA’s executive assistant director for cybersecurity) slated to become acting director. Separately, CISA **CIO Bob Costello** reportedly received reassignment/transfer orders and is expected to depart the agency, with reporting indicating he may have been offered reassignment to **FEMA**; the reasons for the move were not publicly clarified. In parallel, Senate confirmation politics affected senior national cyber leadership: Sen. **Ron Wyden** said he would block confirmation of Lt. Gen. **Joshua Rudd** to lead both **U.S. Cyber Command** and the **NSA**, citing a lack of cyber and signals intelligence experience and concerns about his understanding of NSA surveillance authorities. Outside the cyber agencies, the **Department of Justice** elevated **Nikki Collier** from deputy CIO to permanent CIO, following a prolonged vacancy after the prior CIO’s departure, underscoring broader federal IT leadership churn during a period of workforce reductions and ongoing scrutiny of security governance practices.
1 month ago
US Lawmakers Seek Short-Term Extension of Key CISA Cybersecurity Authorities Amid Agency Leadership Turmoil
Congressional leaders introduced a compromise federal funding package that would **temporarily extend two major U.S. cybersecurity authorities**—the 2015 *Cybersecurity and Infrastructure Security Act* (which provides liability protections intended to encourage private-sector cyber threat information sharing with the federal government) and the **State and Local Cybersecurity Grant Program**—through **September 30**. The proposal follows prior stopgap extensions after the statutes lapsed, and comes as lawmakers debate longer-term reauthorization options, including competing House and Senate proposals and a draft approach from Sen. Rand Paul that would remove the original law’s liability protections. Separately, reporting highlighted **internal leadership instability at CISA**: acting director **Madhu Gottumukkala** reportedly attempted to remove or reassign CISA CIO **Robert Costello** via a management-directed reassignment, but was blocked after objections from other political appointees within DHS. The episode adds to concerns about decision-making and turnover at the agency at a time when CISA is responsible for coordinating federal cyber defense, incident response support, and collaboration with state, local, and private-sector partners—functions that could be affected by sustained leadership disruption.
1 month ago