US Lawmakers Seek Short-Term Extension of Key CISA Cybersecurity Authorities Amid Agency Leadership Turmoil
Congressional leaders introduced a compromise federal funding package that would temporarily extend two major U.S. cybersecurity authorities—the 2015 Cybersecurity and Infrastructure Security Act (which provides liability protections intended to encourage private-sector cyber threat information sharing with the federal government) and the State and Local Cybersecurity Grant Program—through September 30. The proposal follows prior stopgap extensions after the statutes lapsed, and comes as lawmakers debate longer-term reauthorization options, including competing House and Senate proposals and a draft approach from Sen. Rand Paul that would remove the original law’s liability protections.
Separately, reporting highlighted internal leadership instability at CISA: acting director Madhu Gottumukkala reportedly attempted to remove or reassign CISA CIO Robert Costello via a management-directed reassignment, but was blocked after objections from other political appointees within DHS. The episode adds to concerns about decision-making and turnover at the agency at a time when CISA is responsible for coordinating federal cyber defense, incident response support, and collaboration with state, local, and private-sector partners—functions that could be affected by sustained leadership disruption.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
House leaders schedule vote as Congress races to prevent funding lapse
After the funding package was released, House leaders planned a vote later that week while Congress faced a 10-day window to pass the measure and send it to the president. The proposal's fate depended on House political dynamics and the Senate returning from recess in time to avoid another lapse or partial shutdown.
Congressional leaders release minibus to extend cyber authorities and fund CISA
Congressional appropriators unveiled a $1.2 trillion government funding package to avert a Jan. 30 funding lapse. The bill would extend the Cybersecurity and Information Sharing Act of 2015, the State and Local Cybersecurity Grant Program, and the Technology Modernization Fund through Sept. 30 while providing $2.6 billion for CISA, including $39.6 million for election security.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
New bill prolonging cyber programs, funding CISA unveiled | SC Media
scworld.com
Open sourceCongressional appropriators move to extend information-sharing law, fund CISA | CyberScoop
cyberscoop.com
Open sourceLawmakers move to extend two cyber programs (again) in funding proposal | The Record from Recorded Future News
therecord.media
Open sourceActing CISA Director Pushed to Remove Agency CIO - TechRepublic
techrepublic.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Congressional Funding Package Targets CISA Staffing, Election Security, and Federal Cyber Modernization
A DHS “minibus” appropriations package would direct the Cybersecurity and Infrastructure Security Agency (**CISA**) to maintain “sufficient” staffing to execute its statutory missions, including support to federal civilian agencies and state/local/tribal/territorial partners. The accompanying congressional language also calls for maintaining at least **10 regional field offices** and having at least **one Cyber Security Advisor per state or territory**, while continuing to fund election security activities (including regional election security advisers and the Elections Infrastructure ISAC). The bill would provide **$2.6B for CISA**, down from roughly $3B previously cited in the reporting. The same funding package would extend authorization for the **Technology Modernization Fund (TMF)**—which had lapsed—through **Sept. 30** (end of FY2026), enabling continued federal IT modernization investments that are often tied to cyber risk reduction. It would also extend several cybersecurity-related statutory authorities, including the **Cybersecurity Information Sharing Act of 2015**, preserving a legal framework for private-sector sharing of cyber threat intelligence with U.S. government entities under specified liability protections. Separately, CISA leadership turmoil was reported as internal pushback halted an attempted management-directed reassignment of CISA CIO **Robert Costello**, adding to concerns about decision-making and stability amid ongoing pressure from persistent threats to federal networks and critical infrastructure.
Mar 21, 2026
U.S. Federal Cyber Leadership Turmoil and CISA Policy Disruptions
U.S. federal cyber operations faced heightened uncertainty amid **leadership turnover and staffing reductions at CISA**, raising concerns about the agency’s capacity to execute its mission. Reporting indicated acting director **Madhu Gottumukkala** was replaced by **Nick Andersen** following controversies including alleged mishandling of sensitive information, while CISA also lost its CIO and reportedly saw staffing reduced by roughly one-third. Separately, Senate confirmation dynamics continued to affect cyber leadership, with Sen. Ron Wyden opposing the nomination of Lt. Gen. **Joshua Rudd** to lead **U.S. Cyber Command and the NSA**, citing concerns about experience and constitutional-rights familiarity as the agencies remained without a permanent chief. CISA’s policy and guidance output continued but faced headwinds from broader federal disruptions. CISA published new insider-threat program guidance centered on the **POEM framework** (*Plan, Organize, Execute, Maintain*) to help organizations build multi-disciplinary insider threat management teams spanning physical security, cybersecurity, HR/personnel, and reporting/analysis functions. At the same time, a **partial DHS shutdown** was reported to be stalling progress on the **Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)** rulemaking, complicating compliance planning for critical infrastructure entities awaiting clarity on incident reporting requirements and enforcement expectations.
Apr 3, 2026
Acting CISA Director Warns DHS Shutdown Would Curtail Cyber Defense Operations
Acting CISA Director **Madhu Gottumukkala** told House appropriators that a potential Department of Homeland Security funding lapse would materially reduce CISA’s ability to support public- and private-sector partners, warning that “when the government shuts down, cyber threats do not.” He said a shutdown would degrade timely, actionable guidance; curtail core missions such as digital response; and limit work to activities deemed essential to protecting life and property—shifting the agency from proactive efforts (including vulnerability scanning) to a more reactive posture. He also said a shutdown would force more than a third of CISA’s frontline security experts and threat hunters to work without pay and would impede progress on CISA’s long-awaited cyber incident reporting rule. In the same congressional context, Gottumukkala also acknowledged that **about 70 CISA staff** were reassigned to other DHS offices over the last year (including a “handful” to **ICE**), while “30 plus” personnel were transferred into CISA; a December 2025 staffing chart cited in reporting reflected **27 inbound** and **65 outbound** reassignments. Separately, Congress reauthorized the **Cybersecurity Information Sharing Act of 2015 (CISA 2015)**—which provides liability protections, FOIA exemptions, and other safeguards for sharing cyber threat indicators and defensive measures—extending it from its planned January 2026 sunset to **September 30, 2026**. Reporting on the Senate Intelligence Committee advancing a nominee to lead **U.S. Cyber Command/NSA** is related to federal cyber leadership but is not part of the shutdown/CISA operational-impact story.
Mar 21, 2026