Congressional Concerns Over CISA Leadership and Federal Cybersecurity Readiness
Senior lawmakers and federal officials have raised alarms about the lack of a confirmed director for the Cybersecurity and Infrastructure Security Agency (CISA), warning that this leadership gap could undermine the United States' ability to respond to escalating cyber threats. Outgoing Comptroller General Gene Dodaro emphasized to Congress that cybersecurity and critical infrastructure protection are not receiving the urgent attention required, highlighting that CISA has hundreds of outstanding recommendations from the Government Accountability Office (GAO) and that the absence of a permanent director is a significant vulnerability. House Homeland Security Committee Chairman Rep. Garbarino also expressed disappointment over the Senate's failure to approve the White House's CISA nominee, further questioning recent decisions to reverse telecom security rules enacted after a major Chinese cyber intrusion.
The ongoing delay in confirming a permanent CISA director has prompted bipartisan concern, with lawmakers and oversight officials warning that "taking our foot off the gas" at CISA could have serious consequences for national security. Acting Director Madhu Gottumukkala has led the agency since the spring, while nominee Sean Plankey's confirmation has stalled due to Senate holds. The GAO has identified cybersecurity as a high-risk area for decades, and the current leadership uncertainty at CISA is seen as a critical issue that could impede progress on closing longstanding security gaps across federal agencies.
Sources
Related Stories
CISA Leadership Uncertainty Amid Key Departures and Unconfirmed Director
The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant leadership challenges as the key employee responsible for its early ransomware warning program has departed the agency. This program, credited with preventing an estimated $9 billion in economic damages, now faces an uncertain future, raising concerns about the continuity of CISA's proactive ransomware defense efforts. The departure comes at a critical time for the agency, which has played a central role in national cyber defense and threat mitigation. Compounding these challenges, the U.S. Senate adjourned without confirming a new CISA director, leaving the agency without permanent leadership as it heads into the new year. The stalled nomination of Sean Plankey follows a year marked by workforce reductions and ongoing efforts to finalize a comprehensive national cyber strategy. The lack of confirmed leadership and the loss of key personnel may impact CISA's ability to respond effectively to evolving cyber threats and maintain its critical programs.
2 months agoCISA Director Nomination Stalled by Senate Procedural Holds
Sean Plankey's nomination to lead the Cybersecurity and Infrastructure Security Agency (CISA) has been effectively halted after being excluded from a Senate vote advancing a package of nominees. The primary obstacle is a hold placed by Sen. Rick Scott, R-Fla., related to a dispute over a Coast Guard contract, with additional procedural holds from other senators. As a result, the White House will need to resubmit Plankey's nomination in 2026 if no floor vote is scheduled before the end of the current session, leaving CISA without a Senate-confirmed director as it enters the new year. The ongoing vacancy at CISA's top leadership position is not due to concerns about Plankey himself, but rather broader congressional disputes involving unrelated issues such as telecom oversight and Coast Guard contracting. This leadership gap comes at a time when CISA faces significant challenges in defending U.S. critical infrastructure, and the lack of a confirmed director may impact the agency's ability to respond to evolving cyber threats and maintain operational continuity.
3 months ago
US Lawmakers Seek Short-Term Extension of Key CISA Cybersecurity Authorities Amid Agency Leadership Turmoil
Congressional leaders introduced a compromise federal funding package that would **temporarily extend two major U.S. cybersecurity authorities**—the 2015 *Cybersecurity and Infrastructure Security Act* (which provides liability protections intended to encourage private-sector cyber threat information sharing with the federal government) and the **State and Local Cybersecurity Grant Program**—through **September 30**. The proposal follows prior stopgap extensions after the statutes lapsed, and comes as lawmakers debate longer-term reauthorization options, including competing House and Senate proposals and a draft approach from Sen. Rand Paul that would remove the original law’s liability protections. Separately, reporting highlighted **internal leadership instability at CISA**: acting director **Madhu Gottumukkala** reportedly attempted to remove or reassign CISA CIO **Robert Costello** via a management-directed reassignment, but was blocked after objections from other political appointees within DHS. The episode adds to concerns about decision-making and turnover at the agency at a time when CISA is responsible for coordinating federal cyber defense, incident response support, and collaboration with state, local, and private-sector partners—functions that could be affected by sustained leadership disruption.
1 months ago