Leadership Uncertainty at U.S. Cyber Command and NSA Amidst Policy Disarray
U.S. Cyber Command and the National Security Agency have been without a permanent leader for over seven months following the dismissal of Air Force Gen. Timothy Haugh and his deputy, a move that has unsettled both organizations. Army Lt. Gen. Joshua Rudd, currently serving as the No. 2 at U.S. Indo-Pacific Command and lacking direct cyber or signals intelligence experience, has emerged as a leading candidate for the dual-hat leadership role, though the selection process remains fluid and contentious. Key leadership positions at both agencies remain unfilled, with Marine Corps Maj. Gen. Lorna Mahlock and Brig. Gen. Matthew Lennox identified as likely appointees to senior roles once the top post is settled.
This leadership vacuum comes as the Trump administration’s official cyber policy calls for stronger deterrence against foreign cyber threats, particularly from China, but President Trump himself has publicly downplayed the significance of such threats. Senior administration officials have highlighted the need to respond to campaigns like those attributed to Salt Typhoon and Volt Typhoon, which target U.S. telecommunications and critical infrastructure, yet the president’s dismissive stance has created a disconnect between policy rhetoric and executive action. The ongoing instability at the helm of the nation’s top cyber agencies raises concerns about the United States’ ability to effectively coordinate and respond to escalating foreign cyber operations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Additional reporting identifies Indo-Pacific Command leader as contender for NSA/Cybercom post
Follow-up coverage further described the prospective pick as an Indo-Pacific Command leader under consideration for the dual-hatted NSA and Cyber Command position, reinforcing the emerging succession story.
Lt. Gen. Joshua Rudd emerges as candidate to lead NSA and Cyber Command
Reports indicated that Army Lt. Gen. Joshua Rudd, noted for Indo-Pacific experience, was being considered for the top leadership role overseeing both the National Security Agency and U.S. Cyber Command.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Indo-Pacific Command leader reportedly considered for top NSA, Cybercom post
scworld.com
Open sourceArmy officer with Indo-Pacific experience emerges as potential Cyber Command, NSA pick
therecord.media
Open sourceWhile White House demands deterrence, Trump shrugs
cyberscoop.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
US Federal Cybersecurity Leadership and Policy Uncertainty
The United States is experiencing a period of instability in its federal cybersecurity leadership, with budget cuts, leadership turnover, and shifting political priorities undermining the government's traditional role in setting national cyber strategy. Federal agencies, including the Office of the National Cyber Director, are facing funding and staffing challenges, leaving critical infrastructure operators and security professionals without consistent guidance or support. This erosion of centralized leadership is forcing the private sector and local governments to manage escalating cyber threats and operational risks independently, often without a unified national playbook. Compounding these challenges is a growing crisis in the cybersecurity workforce, as underfunded education systems and high burnout rates threaten the talent pipeline needed for national digital defense. The lack of federal investment in cyber education and workforce development is creating vulnerabilities that adversaries may exploit. Meanwhile, political divisions are evident in the debate over how to respond to major cyber intrusions, such as the China-linked Salt Typhoon campaign targeting US telecommunications networks. Lawmakers remain split on whether voluntary industry partnerships or mandated standards are necessary to address fundamental security weaknesses, highlighting the broader uncertainty in US cyber policy and enforcement.
Mar 21, 2026
US Cyber and Intelligence Policy Debates Over Surveillance Authorities and Leadership Vacancies
US national security officials and lawmakers are weighing the future of key cyber and intelligence authorities and leadership posts. Lt. Gen. Josh Rudd, nominated to lead **NSA** and co-lead **U.S. Cyber Command**, told the Senate Intelligence Committee he supports **FISA Section 702**, arguing the foreign-intelligence collection authority is “indispensable” for threat insight and has “saved lives,” even as critics continue to press for warrant requirements when querying incidentally collected US-person communications. Separately, a Senate panel heard testimony describing how the US military has formalized a “**non-kinetic effects cell**” to integrate cyber operations, electronic warfare, and influence activities into mission planning and execution, with officials citing an operation in Venezuela that included cyber effects against radar, internet, and the power grid to induce a temporary blackout. A parallel policy dispute is playing out around domestic cyber defense leadership and information-sharing frameworks. An *SC Media* opinion column argues the Senate’s failure to confirm (and subsequent expiration of) Sean Plankey’s nomination as **CISA director** has prolonged a leadership vacuum during heightened critical-infrastructure risk, and it also highlights uncertainty around reauthorizing the **Cybersecurity Information Sharing Act of 2015** amid political resistance to a “clean” long-term extension. Overall, the reporting and commentary point to governance and oversight decisions—surveillance authorities, operational cyber integration, and agency leadership—that could materially affect US cyber posture, but they do not describe a discrete breach, vulnerability disclosure, or active threat campaign.
Mar 21, 2026
Leadership Changes at U.S. Cyber Command and NSA
U.S. Cyber Command’s Cyber National Mission Force (CNMF) removed Air Force Lt. Col. **Jason Gargan**, a joint task force commander focused on operations against **Russia**, after he was “relieved for cause” following disagreements over operations with CNMF leadership, according to people familiar with the matter. Gargan was reassigned elsewhere within CNMF and is expected to retire by the end of 2026; the move was described as unusual for CNMF, where underperforming leaders are typically rotated rather than dismissed. The personnel action occurred amid broader senior-level churn at Cyber Command, which has reportedly been without a Senate-confirmed leader for an extended period, and as CNMF chief Maj. Gen. **Lorna Mahlock** was nominated to become Cyber Command’s next deputy chief. Separately, the **National Security Agency (NSA)** appointed intelligence community veteran **Timothy Kosiba** as deputy director with presidential approval. Reporting highlighted Kosiba’s background in network warfare and offensive cyber roles (including **Tailored Access Operations**-linked positions) and senior leadership posts supporting foreign signals intelligence and cybersecurity missions; Acting NSA and Cyber Command head **William Hartman** publicly endorsed the appointment as supporting NSA’s mission execution.
Mar 21, 2026