US Cyber and Intelligence Policy Debates Over Surveillance Authorities and Leadership Vacancies
US national security officials and lawmakers are weighing the future of key cyber and intelligence authorities and leadership posts. Lt. Gen. Josh Rudd, nominated to lead NSA and co-lead U.S. Cyber Command, told the Senate Intelligence Committee he supports FISA Section 702, arguing the foreign-intelligence collection authority is “indispensable” for threat insight and has “saved lives,” even as critics continue to press for warrant requirements when querying incidentally collected US-person communications. Separately, a Senate panel heard testimony describing how the US military has formalized a “non-kinetic effects cell” to integrate cyber operations, electronic warfare, and influence activities into mission planning and execution, with officials citing an operation in Venezuela that included cyber effects against radar, internet, and the power grid to induce a temporary blackout.
A parallel policy dispute is playing out around domestic cyber defense leadership and information-sharing frameworks. An SC Media opinion column argues the Senate’s failure to confirm (and subsequent expiration of) Sean Plankey’s nomination as CISA director has prolonged a leadership vacuum during heightened critical-infrastructure risk, and it also highlights uncertainty around reauthorizing the Cybersecurity Information Sharing Act of 2015 amid political resistance to a “clean” long-term extension. Overall, the reporting and commentary point to governance and oversight decisions—surveillance authorities, operational cyber integration, and agency leadership—that could materially affect US cyber posture, but they do not describe a discrete breach, vulnerability disclosure, or active threat campaign.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Cybersecurity Information Sharing Act set to expire
The Cybersecurity Information Sharing Act of 2015 was described as due to expire on Jan. 30, 2026, after only short-term extensions. Its pending lapse created uncertainty around liability protections for cyber threat information sharing.
Rudd pledges NSA support on election threat briefings
During the same confirmation process, Rudd said he would use NSA resources to help inform lawmakers about foreign threats to U.S. elections. The commitment came as the administration had reportedly reduced or shut down several election-threat tracking entities.
Josh Rudd backs FISA Section 702 in Senate confirmation hearing
Lt. Gen. Josh Rudd, President Trump’s nominee to lead both NSA and U.S. Cyber Command, told the Senate Intelligence Committee that Section 702 intelligence is indispensable and should continue. He said he still needed to study whether U.S.-person queries of 702 data should require a warrant.
Officials outline Cyber Command 2.0 modernization plans
Leaders from U.S. Cyber Command, NSA, and the Pentagon testified about 'Cyber Command 2.0,' a revised force design intended to improve recruiting, retention, training, and cyber tool development. They said the model had been endorsed during the Biden administration, accelerated under Defense Secretary Pete Hegseth, and is expected to be fully integrated later this decade or in the early 2030s.
Senate panel hears testimony on military ‘non-kinetic effects cell’
A senior U.S. military official told the Senate Armed Services Committee that the military had created a 'non-kinetic effects cell' to integrate cyber and other non-physical effects into mission planning and execution. The testimony also described a Venezuela-related operation involving cyber effects against radar, internet, and the power grid.
White House renominates Sean Plankey to lead CISA
After Plankey’s prior nomination expired, the White House renominated him to serve as CISA director. The renomination came as lawmakers continued to dispute issues unrelated to CISA’s core mission.
Sean Plankey’s CISA nomination expired after Senate inaction
Sean Plankey’s nomination to lead the Cybersecurity and Infrastructure Security Agency expired on Dec. 31, 2025, after months without Senate confirmation. The lapse left CISA without a confirmed director amid broader cybersecurity policy uncertainty.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Trump nominee to lead NSA commits to backing controversial spying law - Nextgov/FCW
nextgov.com
Open sourceUS developed ‘non-kinetic’ cell ahead of Venezuela mission to push cyber operations - Nextgov/FCW
nextgov.com
Open sourceNote to US Senate: End the petty squabbles and confirm Sean Plankey as CISA director | SC Media
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
U.S. Federal Cyber Leadership Turmoil and CISA Policy Disruptions
U.S. federal cyber operations faced heightened uncertainty amid **leadership turnover and staffing reductions at CISA**, raising concerns about the agency’s capacity to execute its mission. Reporting indicated acting director **Madhu Gottumukkala** was replaced by **Nick Andersen** following controversies including alleged mishandling of sensitive information, while CISA also lost its CIO and reportedly saw staffing reduced by roughly one-third. Separately, Senate confirmation dynamics continued to affect cyber leadership, with Sen. Ron Wyden opposing the nomination of Lt. Gen. **Joshua Rudd** to lead **U.S. Cyber Command and the NSA**, citing concerns about experience and constitutional-rights familiarity as the agencies remained without a permanent chief. CISA’s policy and guidance output continued but faced headwinds from broader federal disruptions. CISA published new insider-threat program guidance centered on the **POEM framework** (*Plan, Organize, Execute, Maintain*) to help organizations build multi-disciplinary insider threat management teams spanning physical security, cybersecurity, HR/personnel, and reporting/analysis functions. At the same time, a **partial DHS shutdown** was reported to be stalling progress on the **Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)** rulemaking, complicating compliance planning for critical infrastructure entities awaiting clarity on incident reporting requirements and enforcement expectations.
Apr 3, 2026
Leadership Uncertainty at U.S. Cyber Command and NSA Amidst Policy Disarray
U.S. Cyber Command and the National Security Agency have been without a permanent leader for over seven months following the dismissal of Air Force Gen. Timothy Haugh and his deputy, a move that has unsettled both organizations. Army Lt. Gen. Joshua Rudd, currently serving as the No. 2 at U.S. Indo-Pacific Command and lacking direct cyber or signals intelligence experience, has emerged as a leading candidate for the dual-hat leadership role, though the selection process remains fluid and contentious. Key leadership positions at both agencies remain unfilled, with Marine Corps Maj. Gen. Lorna Mahlock and Brig. Gen. Matthew Lennox identified as likely appointees to senior roles once the top post is settled. This leadership vacuum comes as the Trump administration’s official cyber policy calls for stronger deterrence against foreign cyber threats, particularly from China, but President Trump himself has publicly downplayed the significance of such threats. Senior administration officials have highlighted the need to respond to campaigns like those attributed to Salt Typhoon and Volt Typhoon, which target U.S. telecommunications and critical infrastructure, yet the president’s dismissive stance has created a disconnect between policy rhetoric and executive action. The ongoing instability at the helm of the nation’s top cyber agencies raises concerns about the United States’ ability to effectively coordinate and respond to escalating foreign cyber operations.
Mar 21, 2026
US Federal Cyber and IT Leadership Turnover and Confirmation Disputes
US federal cyber and IT leadership saw multiple high-profile personnel moves, including a planned transition at the **Cybersecurity and Infrastructure Security Agency (CISA)**. Acting director **Madhu Gottumukkala** is expected to leave CISA for a new Department of Homeland Security role as director of strategic implementation, with **Nick Andersen** (CISA’s executive assistant director for cybersecurity) slated to become acting director. Separately, CISA **CIO Bob Costello** reportedly received reassignment/transfer orders and is expected to depart the agency, with reporting indicating he may have been offered reassignment to **FEMA**; the reasons for the move were not publicly clarified. In parallel, Senate confirmation politics affected senior national cyber leadership: Sen. **Ron Wyden** said he would block confirmation of Lt. Gen. **Joshua Rudd** to lead both **U.S. Cyber Command** and the **NSA**, citing a lack of cyber and signals intelligence experience and concerns about his understanding of NSA surveillance authorities. Outside the cyber agencies, the **Department of Justice** elevated **Nikki Collier** from deputy CIO to permanent CIO, following a prolonged vacancy after the prior CIO’s departure, underscoring broader federal IT leadership churn during a period of workforce reductions and ongoing scrutiny of security governance practices.
Mar 21, 2026