CISA Leadership Uncertainty Amid Key Departures and Unconfirmed Director
The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant leadership challenges as the key employee responsible for its early ransomware warning program has departed the agency. This program, credited with preventing an estimated $9 billion in economic damages, now faces an uncertain future, raising concerns about the continuity of CISA's proactive ransomware defense efforts. The departure comes at a critical time for the agency, which has played a central role in national cyber defense and threat mitigation.
Compounding these challenges, the U.S. Senate adjourned without confirming a new CISA director, leaving the agency without permanent leadership as it heads into the new year. The stalled nomination of Sean Plankey follows a year marked by workforce reductions and ongoing efforts to finalize a comprehensive national cyber strategy. The lack of confirmed leadership and the loss of key personnel may impact CISA's ability to respond effectively to evolving cyber threats and maintain its critical programs.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
CISA ransomware warning program lead departs agency
A key employee behind CISA's early ransomware warning program recently left the agency. The departure raised concerns about the continuity and future effectiveness of a program credited with helping prevent about $9 billion in economic damage.
Senate adjourns without confirming Sean Plankey as CISA director
The Senate ended its session for the year without acting on Sean Plankey's nomination to lead CISA. As a result, the agency entered the new year without a permanent director amid broader workforce reductions and ongoing White House cyber strategy work.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA Capacity Degraded by Personnel Cuts, Program Closures, and Leadership Vacancies
Bipartisan lawmakers and private-sector cybersecurity leaders warned that the U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has been significantly weakened after roughly a year of personnel cuts and layoffs under the second Trump administration, with reporting indicating the agency has lost about **one-third of its workforce** and shuttered or reduced entire divisions. Sources described diminished ability to execute core missions such as coordinating with industry and protecting federal civilian networks, with some organizations reportedly seeking alternatives (industry alliances, outside consultants, or direct government-to-government partnerships) rather than relying on CISA support. Reporting also tied the degradation to a prolonged **leadership vacuum**—with the administration’s nominee **Sean Plankey** not confirmed and Acting Director **Madhu Gottumukkala** criticized by some sources as struggling to lead—alongside political and operational pressures that deprioritized the agency. Specific capability impacts cited include reduced **counter-ransomware** efforts, work to promote **secure software development**, and losses affecting **election security** functions; additional strain was attributed to reassignment of staff to other DHS priorities and to a partial federal government shutdown that further reduced available staffing levels, raising concerns about CISA’s readiness to respond to a major cyber crisis.
Mar 21, 2026
Congressional Concerns Over CISA Leadership and Federal Cybersecurity Readiness
Senior lawmakers and federal officials have raised alarms about the lack of a confirmed director for the Cybersecurity and Infrastructure Security Agency (CISA), warning that this leadership gap could undermine the United States' ability to respond to escalating cyber threats. Outgoing Comptroller General Gene Dodaro emphasized to Congress that cybersecurity and critical infrastructure protection are not receiving the urgent attention required, highlighting that CISA has hundreds of outstanding recommendations from the Government Accountability Office (GAO) and that the absence of a permanent director is a significant vulnerability. House Homeland Security Committee Chairman Rep. Garbarino also expressed disappointment over the Senate's failure to approve the White House's CISA nominee, further questioning recent decisions to reverse telecom security rules enacted after a major Chinese cyber intrusion. The ongoing delay in confirming a permanent CISA director has prompted bipartisan concern, with lawmakers and oversight officials warning that "taking our foot off the gas" at CISA could have serious consequences for national security. Acting Director Madhu Gottumukkala has led the agency since the spring, while nominee Sean Plankey's confirmation has stalled due to Senate holds. The GAO has identified cybersecurity as a high-risk area for decades, and the current leadership uncertainty at CISA is seen as a critical issue that could impede progress on closing longstanding security gaps across federal agencies.
Mar 21, 2026
CISA Director Nomination Stalled by Senate Procedural Holds
Sean Plankey's nomination to lead the Cybersecurity and Infrastructure Security Agency (CISA) has been effectively halted after being excluded from a Senate vote advancing a package of nominees. The primary obstacle is a hold placed by Sen. Rick Scott, R-Fla., related to a dispute over a Coast Guard contract, with additional procedural holds from other senators. As a result, the White House will need to resubmit Plankey's nomination in 2026 if no floor vote is scheduled before the end of the current session, leaving CISA without a Senate-confirmed director as it enters the new year. The ongoing vacancy at CISA's top leadership position is not due to concerns about Plankey himself, but rather broader congressional disputes involving unrelated issues such as telecom oversight and Coast Guard contracting. This leadership gap comes at a time when CISA faces significant challenges in defending U.S. critical infrastructure, and the lack of a confirmed director may impact the agency's ability to respond to evolving cyber threats and maintain operational continuity.
Mar 21, 2026