Leadership Turbulence and Strategic Shifts at the NSA Under Trump Administration
The Trump administration reversed its decision to appoint Joe Francescon as the next deputy director of the National Security Agency (NSA), opting instead for Tim Kosiba, a former NSA and FBI official. This change follows internal White House opposition and criticism from far-right activists, highlighting ongoing instability within the NSA's leadership ranks. The agency has faced significant personnel changes and has operated without a Senate-confirmed leader for over eight months, raising concerns about continuity and operational effectiveness.
Simultaneously, former national security officials have raised alarms about the administration's new national security strategy, which they argue prioritizes short-term, transactional objectives—such as focusing intelligence resources on Venezuela and hardline migration policies—at the expense of monitoring enduring and emerging threats in Europe, Asia, and other regions. These developments underscore broader concerns about the direction and stability of U.S. intelligence leadership and strategy during this period.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Tim Kosiba emerges as expected NSA deputy director nominee
Following the reversal on Francescon, former NSA and FBI official Tim Kosiba emerged as the expected choice for NSA deputy director after lobbying by Kurt Olsen and support from other administration figures. The move signaled a new direction for the agency's No. 2 role amid broader vacancies and pending retirements.
Trump administration reverses Joe Francescon NSA deputy director pick
The Trump administration backed away from its announced plan to appoint Joe Francescon as deputy director of the NSA after internal opposition and criticism from far-right activists. The reversal added to ongoing leadership instability at the agency.
Congress scrutinizes legality of Venezuela-linked military actions
Congress began examining the legality of military actions against drug boats linked to Venezuela under the administration's strategy. The scrutiny reflects broader concern over how the new strategy is being implemented.
Trump administration issues new national security strategy
President Donald Trump released a new national security strategy that prioritizes short-term, transactional objectives, including a strong focus on Venezuela and the Western Hemisphere, while emphasizing economic interests and supply chain monitoring. Former officials warned the approach could divert intelligence attention from longer-term threats in Europe, Asia and elsewhere.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
NSA Leadership Changes Amid Ongoing Cyber Directorate Turmoil
The National Security Agency (NSA) has undergone significant leadership changes following months of instability at its highest levels. Tim Kosiba, a veteran with over three decades of federal service, has been appointed as the new deputy director of the NSA after the Trump administration removed his predecessor and other top officials, reportedly due to political pressure. Kosiba previously held key roles within the NSA, FBI, and Naval Criminal Investigative Service, and his appointment was confirmed by Defense Secretary Pete Hegseth and Director of National Intelligence Tulsi Gabbard with President Trump's approval. The agency has faced a prolonged period without a Senate-confirmed leader, contributing to uncertainty within both the NSA and U.S. Cyber Command. Simultaneously, the NSA's cybersecurity directorate is also experiencing a transition in leadership. David Imbordino, currently the directorate’s deputy chief, will serve as acting head following the retirement of Greg Smithberger, who had been leading in an interim capacity. Holly Baroody is set to return from the United Kingdom to serve as acting deputy chief. The directorate, established in 2019 to enhance intelligence sharing and collaboration with critical infrastructure, has lacked a permanent chief since early last year. These leadership changes come as the NSA continues to address evolving cyber threats, including recent advisories on malware such as BRICKSTORM, and underscores the agency’s ongoing efforts to stabilize its executive ranks and maintain operational continuity.
Mar 21, 2026
Leadership Uncertainty at U.S. Cyber Command and NSA Amidst Policy Disarray
U.S. Cyber Command and the National Security Agency have been without a permanent leader for over seven months following the dismissal of Air Force Gen. Timothy Haugh and his deputy, a move that has unsettled both organizations. Army Lt. Gen. Joshua Rudd, currently serving as the No. 2 at U.S. Indo-Pacific Command and lacking direct cyber or signals intelligence experience, has emerged as a leading candidate for the dual-hat leadership role, though the selection process remains fluid and contentious. Key leadership positions at both agencies remain unfilled, with Marine Corps Maj. Gen. Lorna Mahlock and Brig. Gen. Matthew Lennox identified as likely appointees to senior roles once the top post is settled. This leadership vacuum comes as the Trump administration’s official cyber policy calls for stronger deterrence against foreign cyber threats, particularly from China, but President Trump himself has publicly downplayed the significance of such threats. Senior administration officials have highlighted the need to respond to campaigns like those attributed to Salt Typhoon and Volt Typhoon, which target U.S. telecommunications and critical infrastructure, yet the president’s dismissive stance has created a disconnect between policy rhetoric and executive action. The ongoing instability at the helm of the nation’s top cyber agencies raises concerns about the United States’ ability to effectively coordinate and respond to escalating foreign cyber operations.
Mar 21, 2026
US Cyber and Intelligence Policy Debates Over Surveillance Authorities and Leadership Vacancies
US national security officials and lawmakers are weighing the future of key cyber and intelligence authorities and leadership posts. Lt. Gen. Josh Rudd, nominated to lead **NSA** and co-lead **U.S. Cyber Command**, told the Senate Intelligence Committee he supports **FISA Section 702**, arguing the foreign-intelligence collection authority is “indispensable” for threat insight and has “saved lives,” even as critics continue to press for warrant requirements when querying incidentally collected US-person communications. Separately, a Senate panel heard testimony describing how the US military has formalized a “**non-kinetic effects cell**” to integrate cyber operations, electronic warfare, and influence activities into mission planning and execution, with officials citing an operation in Venezuela that included cyber effects against radar, internet, and the power grid to induce a temporary blackout. A parallel policy dispute is playing out around domestic cyber defense leadership and information-sharing frameworks. An *SC Media* opinion column argues the Senate’s failure to confirm (and subsequent expiration of) Sean Plankey’s nomination as **CISA director** has prolonged a leadership vacuum during heightened critical-infrastructure risk, and it also highlights uncertainty around reauthorizing the **Cybersecurity Information Sharing Act of 2015** amid political resistance to a “clean” long-term extension. Overall, the reporting and commentary point to governance and oversight decisions—surveillance authorities, operational cyber integration, and agency leadership—that could materially affect US cyber posture, but they do not describe a discrete breach, vulnerability disclosure, or active threat campaign.
Mar 21, 2026