US Federal Cybersecurity Leadership and Policy Uncertainty
The United States is experiencing a period of instability in its federal cybersecurity leadership, with budget cuts, leadership turnover, and shifting political priorities undermining the government's traditional role in setting national cyber strategy. Federal agencies, including the Office of the National Cyber Director, are facing funding and staffing challenges, leaving critical infrastructure operators and security professionals without consistent guidance or support. This erosion of centralized leadership is forcing the private sector and local governments to manage escalating cyber threats and operational risks independently, often without a unified national playbook.
Compounding these challenges is a growing crisis in the cybersecurity workforce, as underfunded education systems and high burnout rates threaten the talent pipeline needed for national digital defense. The lack of federal investment in cyber education and workforce development is creating vulnerabilities that adversaries may exploit. Meanwhile, political divisions are evident in the debate over how to respond to major cyber intrusions, such as the China-linked Salt Typhoon campaign targeting US telecommunications networks. Lawmakers remain split on whether voluntary industry partnerships or mandated standards are necessary to address fundamental security weaknesses, highlighting the broader uncertainty in US cyber policy and enforcement.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
ICIT promotes decentralized resilience as federal support appears to weaken
As concerns grew over weakening federal cybersecurity coordination, the Institute for Critical Infrastructure Technology emphasized decentralized resilience, public-private collaboration, and a four-part framework of Resourcing, Recovery, Rehearsals, and Response for organizations facing reduced national support.
Senate hearing reveals split over response to China telecom hacks
A U.S. Senate hearing exposed divisions over how to respond to the Salt Typhoon intrusions, with Republicans and FCC Chair Brendan Carr opposing proposed cybersecurity rules while Democrats and former FCC official Debra Jordan argued for enforceable standards and more transparency from telecom providers.
Salt Typhoon compromises major U.S. telecommunications networks
China's Salt Typhoon cyber campaign breached major U.S. telecom networks, including companies such as AT&T and Verizon, prompting scrutiny of telecom-sector cybersecurity and national response options.
Office of the National Cyber Director launches amid structural constraints
The Office of the National Cyber Director was established in 2021, but from its launch it faced funding limitations, staffing shortfalls, and political headwinds that contributed to long-term instability in federal cyber leadership.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
We’re the federal government, and we’re (maybe) no longer here to help
scworld.com
Open sourceFrom classrooms to command posts: The cyber education crisis
scworld.com
Open sourceSenate divided over response to China telecom hacks
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Leadership Uncertainty at U.S. Cyber Command and NSA Amidst Policy Disarray
U.S. Cyber Command and the National Security Agency have been without a permanent leader for over seven months following the dismissal of Air Force Gen. Timothy Haugh and his deputy, a move that has unsettled both organizations. Army Lt. Gen. Joshua Rudd, currently serving as the No. 2 at U.S. Indo-Pacific Command and lacking direct cyber or signals intelligence experience, has emerged as a leading candidate for the dual-hat leadership role, though the selection process remains fluid and contentious. Key leadership positions at both agencies remain unfilled, with Marine Corps Maj. Gen. Lorna Mahlock and Brig. Gen. Matthew Lennox identified as likely appointees to senior roles once the top post is settled. This leadership vacuum comes as the Trump administration’s official cyber policy calls for stronger deterrence against foreign cyber threats, particularly from China, but President Trump himself has publicly downplayed the significance of such threats. Senior administration officials have highlighted the need to respond to campaigns like those attributed to Salt Typhoon and Volt Typhoon, which target U.S. telecommunications and critical infrastructure, yet the president’s dismissive stance has created a disconnect between policy rhetoric and executive action. The ongoing instability at the helm of the nation’s top cyber agencies raises concerns about the United States’ ability to effectively coordinate and respond to escalating foreign cyber operations.
Mar 21, 2026
US Cybersecurity Policy Setbacks and Calls for Legislative Action
The annual implementation report from the Cyberspace Solarium Commission (CSC 2.0) has concluded that the United States is regressing in its efforts to strengthen national cybersecurity. The report highlights that, for the first time since the commission began tracking progress, the nation has moved backward in enacting key recommendations, with implementation percentages dropping across all measured categories. The report attributes this decline to several factors, including budget and personnel cuts initiated during the Trump administration, which have affected critical cyber diplomacy and science programs. The absence of stable leadership at major agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the State Department is also cited as a significant barrier to progress. The commission recommends reversing these budget cuts, empowering the Office of the National Cyber Director, and expanding federal workforce initiatives to address the growing gap between technological advancement and federal cybersecurity efforts. The report underscores that the pace of technology evolution is outstripping the government's ability to secure it, leaving the nation and its allies increasingly vulnerable to cyber threats. In parallel, the U.S. electric utility sector is prioritizing the reauthorization of the Cybersecurity Information Sharing Act (CISA) of 2015, which lapsed earlier in the month. Industry leaders argue that the law is essential for fostering trust and enabling the sharing of sensitive operational information between utilities and the government without fear of reprisal. The lapse of this legislation has raised concerns among utility executives and cybersecurity experts, who emphasize that robust information sharing is critical in the face of escalating threats to the power sector. Multiple industry associations, including the American Public Power Association and the Edison Electric Institute, have urged Congress to reauthorize the act to maintain effective collaboration and threat mitigation. The convergence of these developments points to a broader challenge in U.S. cybersecurity policy, where legislative and organizational setbacks are undermining national resilience. The lack of progress in implementing strategic recommendations and the expiration of key information-sharing laws are seen as compounding risks for critical infrastructure. Experts warn that without renewed commitment and legislative action, the U.S. may continue to lose ground in the global cybersecurity landscape. The reports collectively call for immediate policy reversals, leadership stabilization, and legislative renewal to restore momentum in national cyber defense. The situation is further complicated by the increasing sophistication of cyber threats targeting both government and private sector entities. Stakeholders across sectors are advocating for a unified approach to address these vulnerabilities and ensure the security of essential services. The urgency of these recommendations is underscored by the potential consequences of inaction, which could include increased exposure to cyberattacks and diminished national security. The reports serve as a wake-up call for policymakers to prioritize cybersecurity funding, leadership, and legislative frameworks. The need for a coordinated and well-resourced response is emphasized as essential for safeguarding the nation's digital infrastructure. The findings highlight the interconnectedness of policy, leadership, and industry collaboration in achieving effective cybersecurity outcomes. The overall message is clear: reversing recent setbacks and renewing key laws are critical steps toward regaining lost ground in U.S. cybersecurity.
Mar 21, 2026
U.S. Federal Cyber Leadership Turmoil and CISA Policy Disruptions
U.S. federal cyber operations faced heightened uncertainty amid **leadership turnover and staffing reductions at CISA**, raising concerns about the agency’s capacity to execute its mission. Reporting indicated acting director **Madhu Gottumukkala** was replaced by **Nick Andersen** following controversies including alleged mishandling of sensitive information, while CISA also lost its CIO and reportedly saw staffing reduced by roughly one-third. Separately, Senate confirmation dynamics continued to affect cyber leadership, with Sen. Ron Wyden opposing the nomination of Lt. Gen. **Joshua Rudd** to lead **U.S. Cyber Command and the NSA**, citing concerns about experience and constitutional-rights familiarity as the agencies remained without a permanent chief. CISA’s policy and guidance output continued but faced headwinds from broader federal disruptions. CISA published new insider-threat program guidance centered on the **POEM framework** (*Plan, Organize, Execute, Maintain*) to help organizations build multi-disciplinary insider threat management teams spanning physical security, cybersecurity, HR/personnel, and reporting/analysis functions. At the same time, a **partial DHS shutdown** was reported to be stalling progress on the **Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)** rulemaking, complicating compliance planning for critical infrastructure entities awaiting clarity on incident reporting requirements and enforcement expectations.
Apr 3, 2026