Congressional Concerns Over CISA Leadership and Federal Cybersecurity Readiness
Senior lawmakers and federal officials have raised alarms about the lack of a confirmed director for the Cybersecurity and Infrastructure Security Agency (CISA), warning that this leadership gap could undermine the United States' ability to respond to escalating cyber threats. Outgoing Comptroller General Gene Dodaro emphasized to Congress that cybersecurity and critical infrastructure protection are not receiving the urgent attention required, highlighting that CISA has hundreds of outstanding recommendations from the Government Accountability Office (GAO) and that the absence of a permanent director is a significant vulnerability. House Homeland Security Committee Chairman Rep. Garbarino also expressed disappointment over the Senate's failure to approve the White House's CISA nominee, further questioning recent decisions to reverse telecom security rules enacted after a major Chinese cyber intrusion.
The ongoing delay in confirming a permanent CISA director has prompted bipartisan concern, with lawmakers and oversight officials warning that "taking our foot off the gas" at CISA could have serious consequences for national security. Acting Director Madhu Gottumukkala has led the agency since the spring, while nominee Sean Plankey's confirmation has stalled due to Senate holds. The GAO has identified cybersecurity as a high-risk area for decades, and the current leadership uncertainty at CISA is seen as a critical issue that could impede progress on closing longstanding security gaps across federal agencies.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Outgoing GAO chief warns against easing pressure on CISA
In remarks reported by FedScoop, outgoing Comptroller General Gene Dodaro warned against 'taking our foot off the gas' at CISA, signaling concern about sustaining the agency's workforce and cybersecurity mission. The synopsis does not provide further event detail beyond the warning.
Rep. Garbarino criticizes Senate delay on CISA nominee and raises FCC concerns
House Homeland Security Committee Chairman Rep. Andrew Garbarino publicly expressed disappointment that the Senate had not approved President Trump's nominee to lead CISA, while also questioning the FCC's recent rollback of telecom security rules. His comments underscored continued congressional scrutiny of U.S. cyber leadership and telecom security.
FCC votes to reverse some telecom security rules
The FCC later voted to reverse certain telecom security rules that had been put in place after the Chinese cyber intrusion, prompting concern from lawmakers about telecom security policy. The references do not provide the exact date of the vote.
Chinese cyber intrusion prompts FCC telecom security rules
The FCC implemented certain telecom security rules in response to a significant cyber intrusion attributed to China, establishing protections for U.S. telecommunications networks. The exact date is not specified in the references.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA Leadership Uncertainty Amid Key Departures and Unconfirmed Director
The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant leadership challenges as the key employee responsible for its early ransomware warning program has departed the agency. This program, credited with preventing an estimated $9 billion in economic damages, now faces an uncertain future, raising concerns about the continuity of CISA's proactive ransomware defense efforts. The departure comes at a critical time for the agency, which has played a central role in national cyber defense and threat mitigation. Compounding these challenges, the U.S. Senate adjourned without confirming a new CISA director, leaving the agency without permanent leadership as it heads into the new year. The stalled nomination of Sean Plankey follows a year marked by workforce reductions and ongoing efforts to finalize a comprehensive national cyber strategy. The lack of confirmed leadership and the loss of key personnel may impact CISA's ability to respond effectively to evolving cyber threats and maintain its critical programs.
Mar 21, 2026
CISA Director Nomination Stalled by Senate Procedural Holds
Sean Plankey's nomination to lead the Cybersecurity and Infrastructure Security Agency (CISA) has been effectively halted after being excluded from a Senate vote advancing a package of nominees. The primary obstacle is a hold placed by Sen. Rick Scott, R-Fla., related to a dispute over a Coast Guard contract, with additional procedural holds from other senators. As a result, the White House will need to resubmit Plankey's nomination in 2026 if no floor vote is scheduled before the end of the current session, leaving CISA without a Senate-confirmed director as it enters the new year. The ongoing vacancy at CISA's top leadership position is not due to concerns about Plankey himself, but rather broader congressional disputes involving unrelated issues such as telecom oversight and Coast Guard contracting. This leadership gap comes at a time when CISA faces significant challenges in defending U.S. critical infrastructure, and the lack of a confirmed director may impact the agency's ability to respond to evolving cyber threats and maintain operational continuity.
Mar 21, 2026
US Lawmakers Seek Short-Term Extension of Key CISA Cybersecurity Authorities Amid Agency Leadership Turmoil
Congressional leaders introduced a compromise federal funding package that would **temporarily extend two major U.S. cybersecurity authorities**—the 2015 *Cybersecurity and Infrastructure Security Act* (which provides liability protections intended to encourage private-sector cyber threat information sharing with the federal government) and the **State and Local Cybersecurity Grant Program**—through **September 30**. The proposal follows prior stopgap extensions after the statutes lapsed, and comes as lawmakers debate longer-term reauthorization options, including competing House and Senate proposals and a draft approach from Sen. Rand Paul that would remove the original law’s liability protections. Separately, reporting highlighted **internal leadership instability at CISA**: acting director **Madhu Gottumukkala** reportedly attempted to remove or reassign CISA CIO **Robert Costello** via a management-directed reassignment, but was blocked after objections from other political appointees within DHS. The episode adds to concerns about decision-making and turnover at the agency at a time when CISA is responsible for coordinating federal cyber defense, incident response support, and collaboration with state, local, and private-sector partners—functions that could be affected by sustained leadership disruption.
Mar 21, 2026