The Trump administration is redirecting a cybersecurity scholarship program that requires recipients to work in government service toward artificial intelligence, leaving some current program scholars dismayed and bewildered.

In an email to participating school program coordinators obtained by CyberScoop, the Office of Personnel Management and National Science Foundation said the CyberCorps Scholarship For Service program would now be known as CyberAI SFS.

“The SFS students we enroll today will not be employable when they graduate in 2-3 years without significant AI background,” the email reads. “Any SFS student in this new program must be proficient in using AI in cybersecurity or providing security and resilience for AI systems. Therefore, new students in the legacy CyberCorps program must learn to acquire AI expertise to augment their cybersecurity expertise.”

“Effective immediately, new SFS scholars will not be accepted to the Legacy CyberCorps(C) program without a description on how they will develop competencies at the intersection of cybersecurity and AI,” the email continues. “The description of the competency development could include, but are not limited to, formal program of study, experimental learning, research activities, capstone projects, competitions, certifications, and/or no-credit professional development via external providers.”

One current program scholar graduating soon said they were “disappointed” by the change for several reasons. As of earlier this week, the agencies collectively running the program — OPM, NSF and the Department of Homeland Security — hadn’t notified any program participants that any changes were on the horizon.

For another: “I was a little bit surprised that it was coming out as so blatantly disregarding the people that haven’t graduated yet, that everyone in my cohort is already considered ‘legacy,’ and the fact that it said people in the program that I’m currently in will not be employable in the coming years,” they said.

The email leaves scholars uncertain about what will happen as they try to fulfill their side of the agreement, especially since doing so has  already been difficult amid cyber job cutbacks and other concerns about how the program has recently been administered. The scholar told CyberScoop there are around 300 people in this current group.

“I assume it will affect placements,” they said. “I can’t say for sure one way or another, because placements are already so impacted by everything that’s been going on. I don’t know what’s due to lack of AI background and what’s due to everything else.”

Another scholar said it was wrong for OPM “to keep claiming repeatedly that they’re acting in our best interests,” when “we’re left out to dry.” Already, the current group of scholars has been frustrated by their inability to get questions answered.

“If we’re legacy CyberCorps, then how does that address anything?” the scholar asked. “We’re just kind of being shoved into a closet and forgotten about. Now in that email, they were saying that we were going to be unhireable in two years time without all this AI stuff under our belt. But at the same time, almost all of our universities were actively discouraging the use of AI.”

Another part of the email brought welcome news to those scholars: a temporary easing of the program’s requirements, including the 70-20-10 rule that sets targets for jobs in the federal government, state and local governments, and the education sector, as well as the rules for securing an internship.. Even so, scholars say they still haven’t received any direct information about the changes.

A spokesperson for NSF said there have been some misunderstandings about the email to school program coordinators (known as principal investigators), but didn’t address current scholars’ concerns about communication.

“The guidance does not require scholars to possess these competencies upon entry,” said the spokesperson, Michael Englund. “Rather, it requires principal investigators (PIs) to clearly describe how their programs will prepare scholars to develop AI-related competencies by the time they graduate (typically within two to three years). In other words, programs must have a concrete and immediate plan to ensure scholars gain these skills during the course of their studies, not prior to admission.”

A spokesperson for OPM addressed the two biggest concerns of current participants.

“There are no changes to placement requirements,” the spokesperson said. “As noted, NSF’s updates are forward-looking to ensure future cohorts are prepared for evolving workforce needs. NSF has encouraged institutions to use professional development funds to expand AI-related training where needed. At OPM, we are also expanding AI training and have introduced AI ambassadors to support adoption.”

On communication: “Principal investigators (PIs) remain the primary point of contact for scholars, but OPM plans to increase direct outreach and plans to issue follow-up communication to scholars on placement efforts,” the spokesperson said.

Last week’s email is the latest turn for the program, with the Cybersecurity and Infrastructure Security Agency last month declaring that it was canceling summer internships due to the lapse in funding for some DHS agencies. Congress has since provided funding for CISA. 

The agency didn’t answer a question about whether that cancellation decision has been reversed as a result.

The post Trump officials are steering a cybersecurity scholarship program toward AI appeared first on CyberScoop.

Like many organizations, the National Geospatial Intelligence Agency is moving to integrate AI tools into their business operations.

Jay Harless, director of human development at NGA, said the agency is trying to strike a balance: move fast enough to keep pace in what U.S. national security officials increasingly view as an AI arms race with adversarial countries like Russia, China, but not so fast that it disrupts proven intelligence-gathering methods.

“One of our primary drivers is that our adversaries were investing heavily, and so there is the pressure to keep ahead of and do that safely,” Harless said Tuesday at the Workday Federal Forum, presented by Scoop News Group. “We also realize that some of our adversaries may not have the same legal and ethical boundaries that us and our partners all need.”

Harless said the agency and others in the intelligence community are working to build systems with agentic AI that operates that can accelerate decision making “within secure boundaries.” That means building new IT infrastructure, validation protocols, monitoring for bias or rogue behavior, and putting accountability mechanisms in place.

“We’re moving fast, and moving fast safely by distinguishing what should be automated, what should be augmented and what should be kept purely human, because there are some things that will always be [human-operated],” he said.

A key piece is figuring out exactly how AI should fit into the work. Sasha Muth, NGA’s deputy director of human development, said the agency envisions a three-to-five-year effort to transform its workforce and IT infrastructure for the AI age. This year will be spent largely putting “structural things in place” for when and how analysts use AI, and reassessing what qualifications the agency should require for entry-level jobs.

But that effort is also causing tensions within the workforce, and Muth acknowledged that part of the challenge is convincing rank-and-file employees that the technology is going to help them – not replace them. The agency hired its first Chief AI Officer in 2024, and its upcoming three-year strategic plan will focus on change management, professional development and updating employees’ job skills. 

Muth said they are focused on evolving their human capital needs because one of her biggest fears is that over that five-year transition “we‘re going to lose a lot of our expertise” by automating functions and not doing enough to modernize job requirements.

“We do see it as a big transformation, not only for just utilizing the technology, but moving our workforce along with us, having them excited about the changes and not fearful, because there’s a lot of fear…that their job is going away, that they won’t have a job,” she said.

The post Spy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaul appeared first on CyberScoop.

Illinois Rep. Delia Ramirez is taking over as the top Democrat on the House Homeland Security panel’s cybersecurity subcommittee, replacing former Rep. Eric Swalwell after his resignation.

Committee Democrats approved the change Tuesday at a meeting prior to a “shadow hearing” without the GOP majority, focused on protecting elections from Trump administration interference.

Ramirez first won election to Congress in 2022 and was reelected in 2024. She has served as the vice ranking member of the committee since 2023. She is now the ranking member of the Subcommittee on Cybersecurity and Infrastructure Protection.

She has leveled criticisms during committee hearings about the Trump administration’s personnel cutbacks at the Cybersecurity and Infrastructure Security Agency, and was critical of how data was secured under the administration’s Department of Government Efficiency initiative led by Elon Musk.

“Under a Musk and Trump presidency, it’s clear that the security of Americans’ information is not a priority. I mean, a private civilian with no security clearance bullied his way into the Treasury, set up private servers, and stole sensitive information from an agency. If that isn’t a national security crisis, a cybersecurity  crisis –then I don’t know what is,” Ramirez said at an early 2025 hearing. “The true threat to our homeland security is ‘fElon’ Musk, Trump, and their blatant misuse of power to steal information and coerce employees to leave agencies.”

She cosponsored legislation last year meant to strengthen the cybersecurity workforce by promoting measures to help workers from underrepresented and disadvantaged communities to join the field.

But she also had criticisms of U.S. cybersecurity under the Biden administration, including of Microsoft’s role in the SolarWinds breach.

In a statement about her appointment Tuesday, Ramirez took aim at at Trump, Vice President JD Vance, Department of Homeland Security Secretary Markwayne Mullin and White House homeland security adviser Stephen Miller.

“It’s clear that the security of our communities’ information, federal networks, and critical infrastructure have not been priorities” under them, she said. “Between the security failures of DOGE, the abuses of immigrant families’ data, and the decimation of CISA’s workforce and resources, Republicans have demonstrated a lack of interest in safeguarding our nation’s cybersecurity and our residents’ civil rights and privacy. In neglecting necessary oversight, Republicans have deregulated emerging technologies, allowed bad actors to profit from violations of our civil rights, and consented to the weaponization of government systems. It is more critical than ever that we assert our Congressional authority and disrupt the blatant corruption making us all less safe.”

Swalwell left the position following his resignation from Congress as a representative from California amid allegations of sexual misconduct.

Her ascension completes a full leadership turnover for the subcommittee. Rep. Andy Ogles, R-Tenn., took over the gavel late last year after former chairman Andrew Garbarino, R-N.Y., took over as chairman of the full committee.

The subcommittee is set to hold a hearing Wednesday on CISA and its role as the sector risk management agency for a number of critical infrastructure sectors.

Updated 4/28/26: to include comment from Ramirez.

The post Rep. Delia Ramirez takes over as top House cybersecurity Dem appeared first on CyberScoop.

Sean Plankey, the long-sidelined nominee to lead the Cybersecurity and Infrastructure Security Agency, asked President Donald Trump on Wednesday to withdraw his nomination.

“At this point in time, I am asking the President to remove my nomination from consideration,” he said in a notification letter seen by CyberScoop. “After thirteen months since my initial nomination, it has become clear that the Senate will not confirm me.”

Plankey’s request comes weeks after the Senate confirmed MarkWayne Mullin to lead the Department of Homeland Security, CISA’s parent agency.

“The Nation and Department of Homeland Security Secretary MarkWayne Mullin requires a confirmed director of CISA without further delay,” Plankey wrote, adding thanks to Trump himself. “While I humbly request the removal of my nomination, I wholeheartedly support President Trump’s upcoming nomination for CISA and look forward to the continued success of the United States of America.”

Plankey’s nomination was considered dead by most at the end of last year. His renomination this year caught many by surprise, with CBS reporting the paperwork filing was an accident. The White House denied that.

Numerous senators had placed holds on his nomination, including GOP senators who held him up over matters unrelated to cybersecurity. Most prominently, Sen. Rick Scott, R-Fla, had placed a hold on his nomination over a Coast Guard contract with a Florida company that DHS had partially canceled.

Plankey had been serving as an adviser to then-DHS Secretary Kristi Noem on Coast Guard matters. He retired from the Coast Guard last month.

While Plankey awaited confirmation, Bridget Bean, then Madhu Gottumukkala, served as acting director. Gottumukkala recently left the position for another at DHS amid widespread complaints about his leadership. Nick Andersen is currently serving as acting director.

Plankey told CyberScoop he had discussed withdrawing his nomination with Mullin. He said he has a “positive relationship” with Mullin and supported his leadership of DHS. And Plankey called Andersen “one of the most competent cybersecurity people in the country.”

Politico first reported Plankey’s withdrawal request. The White House and CISA did not respond to an official request for comment. When asked for a comment, a DHS spokesperson said the department doesn’t comment on personnel matters.

Plankey’s plans leave the agency with yet more upheaval. Trump has dramatically cut personnel and budget at CISA, with many top officials pushed out or otherwise departing. He has proposed deeper budget cuts still for fiscal year 2027.

Updated 4/22/26: to include DHS response.

The post CISA director pick Sean Plankey withdraws his nomination appeared first on CyberScoop.

The Cybersecurity and Infrastructure Security Agency has informed participants of the federal government’s Scholarship for Service program that it has canceled this year’s summer internship programs due to the current funding issues at the Department of Homeland Security. 

Emails from CISA obtained by CyberScoop recently informed applicants that the agency will not bring any CyberCorps: Scholarship for Service interns onboard this summer due to the impacts of the federal funding lapse and the current administrative situation at DHS. For some applicants, agency representatives acknowledged that the cancellations represent a second consecutive year of disrupted placement efforts.

The National Science Foundation (NSF) leads and manages the program, in coordination with the Office of Personnel Management (OPM) and DHS. The program covers tuition and provides stipends for students specializing in cybersecurity and artificial intelligence. In exchange, graduates must complete an internship and subsequently work in federal service for a period equal to the duration of their scholarship. 

An OPM official told CyberScoop the agency is “actively in contact with all Federal cabinet agencies on this topic, and are confident that we will place nearly all eligible Scholarship for Service participants within the next couple months.”

An NSF spokesperson declined to comment.  CISA did not respond to CyberScoop’s request for comment. 

The sudden closure of agency pipelines highlights how federal job seekers are currently navigating a paralyzed hiring environment, exacerbated by budget turmoil at DHS and proposed workforce reductions under the Trump administration. The White House’s fiscal 2027 budget would slash CISA’s budget by $707 million, according to a summary released earlier this month, which would deeply chop down an agency that already took a big hit in President Donald Trump’s first year.

Sources told CyberScoop Tuesday that CISA has been reaching out to internship applicants who had participated in a virtual job fair held in February, where they were told that the agency would have 100 internship roles available. However, applicants were warned that the agency would not be able to hire anyone until the agency was funded. 

Program participants expressed regret to CyberScoop last November over taking part in an initiative that binds them to an employer currently unable to hire them. Program administrators have reportedly advised students to get creative in their job searches, a directive that caused frustration among participants who rely on standard federal placement pipelines.

In response to the growing backlog of unplaced graduates, OPM announced plans to collaborate with the National Science Foundation on a mass deferment. OPM Director Scott Kupor stated that the deferment will be implemented after the government shutdown resolves, providing graduates additional time to secure qualifying positions.

The structural breakdown of the CyberCorps pipeline presents long-term challenges for the federal government’s ability to recruit technical talent. The United States currently faces an estimated 500,000 open cybersecurity positions. The scholarship program was historically viewed as a reliable mechanism to bypass private-sector wage competition and secure early-career talent for the federal government.

Lawmakers are currently battling over bills that would end the DHS shutdown. 

Tim Starks contributed to this story. 

The post CISA cancels summer internships for cyber scholarship students amid DHS funding lapse appeared first on CyberScoop.

With the country’s cybersecurity workforce still experiencing major shortages, a bipartisan, bicameral group of lawmakers is pushing to enlist the Department of Labor to help tackle the problem.

The Cyber Ready Workforce Act would direct the DOL to establish a grant program that supports the “creation, implementation, and expansion of registered apprenticeship programs in cybersecurity,” per a press release announcing the bill’s introduction this week.

“As cyberattacks become more common and complex, we need to ensure we have the workers with the training and skills necessary to protect our cyber infrastructure and Americans’ personal data,” Sen. Jacky Rosen, D-Nev., one of the bill’s co-sponsors, said in a statement. “This bipartisan legislation will help fill gaps in our cybersecurity workforce and will open the door to more good-paying, cutting edge jobs for Nevadans, regardless of whether or not they have a college degree.”

Another co-sponsor, Sen. Marsha Blackburn, said in a statement that the legislation would provide “targeted support” for businesses, colleges and nonprofits that need more cyber protections. The country’s “severe talent shortage” in cyber “poses a serious threat to our national security and economic growth,” the Tennessee Republican said.

The introduction of the legislation Tuesday isn’t Rosen and Blackburn’s first bite at the apple, but previous efforts stalled out in the Senate. This time around, the senators added a pair of House co-sponsors — Reps. Susie Lee, D-Nev., and Brian Fitzpatrick, R-Pa. — to the pitch. It also comes at a time when the Trump administration has directed the DOL to do more with apprenticeships and technology.

Lee said in a statement that in Nevada alone, there’s a shortage of 4,000 cybersecurity professionals. Some estimates put the nationwide cyber workforce deficit at nearly half a million jobs.

“Whether you know it or not, cybersecurity … impacts all of us, from our small businesses, to utility grids, to our national security. But we don’t have enough talent to fill these jobs.” Lee said. “This bill will help ensure that we don’t fall behind when it comes to cybersecurity, while putting Nevada at the forefront of the high-demand, high-impact, and high-paying jobs of the future.”

According to a fact sheet posted to Lee’s congressional website, the bill calls on the Labor Department to award grants to “workforce intermediaries” that will grow the number of registered cybersecurity apprenticeship programs. 

Grant funding should be used for developing curricula and providing technical instruction. It could also go toward marketing and recruitment programs, support services such as career counseling and mentorship, and assistance for things like transportation, housing and childcare costs.

The legislation also encourages grant recipients to connect and collaborate with workforce intermediaries in business, nonprofit and academic settings. Coordinating on resources in cyber apprenticeship programs should ensure federal investments aren’t going toward duplicative efforts, per the fact sheet. 

“The continued shortage of cybersecurity professionals has exposed our nation to severe vulnerabilities, threatening our economy and national security,” Fitzpatrick said in a statement. “Now, more than ever, a strong cybersecurity workforce is necessary to protect our interests at home and abroad.”

Addressing the cybersecurity workforce shortage has been a priority for many lawmakers over the past several years, with legislation seeking to establish cyber grants at two-year colleges and minority-serving institutions, create new federal cyber training programs, give money to CISA for minority recruitment efforts and more.

The post Lawmakers renew push for Labor Department-backed cyber apprenticeship grants appeared first on CyberScoop.

The Trump administration is plotting an interagency body to confront malign hackers, pilot programs to secure critical infrastructure across states and other steps tied to its freshly-released cyber strategy, National Cyber Director Sean Cairncross said Monday.

The “interagency cell” will bring together agencies like the Justice Department, the Department of State, the FBI and the Pentagon, which will make it clear that going on cyber offense isn’t just about attacking enemies in cyberspace, Cairncross said.

“Sure, that’s part of it, but that’s not all of it,” he said at an event hosted by USTelecom. It will include diplomatic efforts, arrests and more, he said. “As President Trump has made clear, he expects results, and he’s empowered the team under him to go get them.”

A series of pilot programs will be catered to specific critical infrastructure industries in specific states, such as water in Texas and beef in South Dakota, Cairncross said. Different sectors operate at more or less mature levels, he said.

“One of the things that we are working to do is to align those sectors and prioritize those sectors in a way that makes sense,” he said.

Cairncross said the administration wants to share information with industry better, and will be looking as well at revising regulations in some instances. One of those instances is the Securities and Exchange Commission’s 2023 incident disclosure rule, which drew some of the most vehement industry opposition under the Biden administration’s’ pursuit of cyber regulations. The idea is to make sure they “make sense for industry,” Cairncross said.

But the administration also will have things it seeks from the private sector. That will include bringing together CEOs and sending the message to them that “you need to dedicate some real resources,” he said.

Cairncross has spoken before about wanting to establish an academy to address education and training in a nation with persistent cybersecurity job openings, but there’s more attached to it, he said.

The effort, which Cairncross said the administration would release details on soon, will also include a foundry (which “will be able to scale with private capital new innovation, and deploy it more quickly”) and an accelerator (“so when there’s preceded financing on on projects to really ramp that up and be able to scale as well and overcome some of the procurement hurdles that are often based in in this space”).

Cairncross said at a second event Monday that another forthcoming step was a law enforcement pilot program to better share information with state and local governments.

“We’re looking for ways to streamline information sharing from the USG side,” Cairncross said at a Billington Cybersecurity event, using the acronym for “U.S. government.” “Often, ‘how’ we know things is extremely sensitive, ‘what’ we know is less so,” he said. The goal is “to figure out how to communicate that in a helpful, actionable way.”

Updated, 3/9/26: to include comments about law enforcement pilot program.

The post Sean Cairncross lays out what’s coming next for Trump’s cyber strategy appeared first on CyberScoop.

President Donald Trump released his administration’s cyber strategy Friday, promoting offense operations in cyberspace, securing federal networks and critical infrastructure, streamlining regulations, leveraging emerging technologies and strengthening the cybersecurity workforce.

Trump also signed an executive order Friday directing agencies to take action to combat cybercrime and fraud.

A little more than half of the five pages of strategy text of the long-anticipated document is preamble, and two of its seven pages are title and ending pages. Administration officials have said the strategy is deliberately high-level, and the White House promised more detailed guidance in the future.

The strategy “calls for unprecedented coordination across government and the private sector to invest in the best technologies and continue world-class innovation, and to make the most of America’s cyber capabilities for both offensive and defensive missions,” the White House said in a statement accompanying its release.

Each of the six “pillars” of the strategy offer some prescriptions.

“Shaping adversary behavior” calls for using U.S. government offensive and defensive capabilities in cyberspace, as well as incentivizing the private sector to disrupt adversary networks.

It also says Trump will “counter the spread of the surveillance state and authoritarian technologies that monitor and repress citizens,” even as administration critics argue that his administration has fostered surveillance and repression against U.S. citizens.

The shortest pillar, “promote common sense regulation,” decries rules that are only “costly checklists.” The Biden administration expanded cyber regulations, spurring some industry resistance. But the Trump pillar does talk about addressing liability, a point of emphasis for the prior administration as well.

“Modernize and secure federal networks” talks about using concepts and technologies like post-quantum cryptography, artificial intelligence, zero-trust and lowering barriers for vendors to sell tech to the government to meet those goals.

To “secure critical infrastructure,” the strategy calls for fortifying not just owners and operators but also the supply chain, in part by focusing on U.S.-made rather than adversary-made products.

“We will deny our adversaries initial access, and in the event of an incident, we must be able to recover quickly,” the strategy reads. “We will galvanize the role of state, local, Tribal, and territorial authorities as a complement to— not a substitute for — our national cybersecurity efforts.” Some critics of the administration’s cybersecurity actions have contended that it has shifted the burden to state and local governments too much.

AI usage makes up the bulk of the pillar entitled “sustain superiority in critical and emerging technologies,” in addition to reflecting earlier parts of the strategy on the topics of quantum cryptography and privacy protection. That includes the protection of data centers, the subject of localized fights across the country over their location and resource costs.

The final pillar says the United States must “build talent and capability,” after a year of the administration cutting a significant number of cyber positions in the federal government. “We will eliminate roadblocks that prevent industry, academia, government, and the military from aligning incentives and building a highly skilled cyber workforce,” it states.

Some positive reviews rolled in about the strategy despite the late-Friday afternoon release, traditionally the time of week when an administration looks to publish news it hopes will garner little attention.

“As new and more sophisticated threats emerge, America needed a new national cyber strategy that captures the urgency of this moment,” USTelecom President and CEO Jonathan Spalter said in a news release. “The President’s strategy rightly recognizes that harnessing America’s unique mix of private-sector innovation with public-sector capacity is the best deterrence.”

Frank Cilluffo, Director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, was struck by the focus on deterrence: “This unified strategy determining a direction on offensive and defensive cyber operations and collaboration couldn’t be more timely.”

The Business Software Alliance cheered the call for streamlining cyber regulations, in particular.

A number of cyber vendors took note of the passages on AI. “Redirecting resources from paperwork to AI-powered security capabilities is the only way to keep pace with modern threats and adversaries who operate at great speed,” said Bill Wright, global head of government affairs at Elastic. “This strategy appears to recognize that fundamental truth.”

Not all the reviews were flattering, however, including from the top Democrat on the House Homeland Security Committee, Bennie Thompson, who said the strategy’s “underachieving” was the only thing impressive about it.

“What little ‘substance’ does exist in this pamphlet is a mishmash of vague platitudes, a long catalogue of ‘we will’ statements that may or may not match the Administration’s current behavior, and, mercifully, an apparent extension of some Biden-era policies,” he said. “Completely lacking is even the most basic blueprint for how the Administration will go about achieving any of its cybersecurity goals — an objective possibly hamstrung by the hemorrhage in cyber talent across all Federal agencies since Trump took office.”

The executive order Trump signed Friday coincides with the release of the strategy but there’s little overlap between the subject matter; the strategy makes one mention of cybercrime.

The order directs the attorney general to prioritize prosecution of cybercrime and fraud, orders agencies to review tools that they could use to counter international criminal organizations and  gives the Department of Homeland Security marching orders to improve training, in addition to other steps, according to a fact sheet.

“President Trump is unleashing every available tool to stop foreign-backed criminal networks that exploit vulnerable Americans through cyber-enabled fraud and extortion,” the fact sheet states.

The post The long-awaited Trump cyber strategy has arrived appeared first on CyberScoop.

The chief information officer at the Cybersecurity and Infrastructure Security Agency announced his departure Tuesday, ending his nearly five-year run at CISA.

Robert Costello, an 18-year veteran of the Department of Homeland Security, posted about the move on LinkedIn.

“Serving as CIO at CISA has been one of the greatest privileges of my career,” he said. “Together, we strengthened our cybersecurity posture, modernized critical systems, and built capabilities that will endure. I am incredibly proud of what we accomplished as a team.”

Costello’s tenure had recently grown turbulent, with conflicting accounts of whether the since-departed acting director of CISA, Madhu Gottumukkala, had tried to force him out. Costello last week received transfer orders for possible reassignment to another agency.

Costello had supporters on the Hill and elsewhere, with House Homeland Security Chairman Andrew Garbarino, R-N.Y., saying as recently as last month that it was good that an earlier reported attempt to move Costello out of the CISA CIO job had fallen short.

As CIO at the agency, Costello advocated for top-notch tech as a recruiting boon. He has been involved in efforts to respond to vulnerabilities within CISA. He has sometimes served as a public face for the agency at events, has touted new tools designed to enhance CISA services and has argued for greater use of artificial intelligence in his role.

“Throughout my career at CISA, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement (ICE), and in the United States Air Force, I have been guided by a commitment to protecting our nation and advancing the greater good,” Costello said. “It has been the honor of a lifetime to serve alongside public servants whose integrity and professionalism set the standard.”

Costello did not indicate his future plans beyond leaving the federal government and a “commitment to service and to this nation.”

Costello’s move isn’t the only recent shakeup at the agency. CISA recently got a new acting director, Nick Andersen, to replace Gottumukkala after the former acting director left for a DHS headquarters post, as the nomination of Sean Plankey to lead CISA continues to stall. The acting chief human resources officer, Kevin Diana, also reportedly received transfer orders.

The post CISA CIO Robert Costello exits agency appeared first on CyberScoop.

The FBI’s cyber chief is prioritizing preparation for stepped-up Chinese threats, enhanced confrontation of adversaries in cyberspace and quicker intelligence sharing with industry as the bureau enters the second and final month of a unique cybersecurity awareness campaign.

Brett Leatherman, who took over as assistant director of the FBI’s cyber division last summer, listed those topics as his three top priorities in a recent interview with CyberScoop. At least two of them overlap considerably with the bureau’s current awareness campaign, Operation Winter SHIELD.

It’s the kind of thing that might normally be more expected to come out of the Cybersecurity and Infrastructure Security Agency, which once had its own shield-themed campaign, rather than the FBI.

‘We’ve never done a media campaign like this before,” he said. “But while it’s atypical for a law enforcement agency to do this kind of technical media campaign, we thought it was incredibly important because it translates that law enforcement perspective [into] meaningful ways that industry can move the needle towards increased resilience across critical infrastructure, industry, government agencies and beyond.”

As part of the campaign, the FBI is highlighting 10 recommendations, like protecting security logs and implementing phishing-resistant authentication, that stem from the FBI’s incident response mission.

“The 10 recommendations that we’re making right now are not a surprise to many people out there who work or have cyber over the last few years, but it’s important that we also highlight that these 10 controls are the ways that we continue to see actors getting into fortune 100 businesses and small to medium businesses in virtually 99% or greater of the investigations we run,” Leatherman said.

The campaign has involved localized events for industry, podcasts, international appearances, coordinated messages with cyber-focused companies and more. They sometimes emphasize different threats based on where they’re held, or specific cases that demonstrate how not following the 10 recommendations has led to a past real-life breach. 

In the Honolulu field office, for instance, the FBI held a cyber executive summit with critical infrastructure owners and operators and other key partners. There, the emphasis was on how Hawaii is a potential target of Chinese hackers, especially with the possibility of a People’s Republic of China invasion of Taiwan in 2027.

Securing 2027 is the first priority for Leatherman as assistant director of the cyber division. The idea is to “defend the homeland against an increased PRC targeting of the homeland,” should a China-Taiwan conflict have U.S. spillover.

Leatherman’s second priority is better contesting U.S. adversaries in cyberspace, with joint, sequenced operations — “technical operations through our lawful authorities to remove capacity and capability from the adversary.” That includes looking for ways to enhance those operations with AI.

And his third priority circles back to information sharing with industry. Leatherman said the FBI has some unique cyber threat intelligence capabilities and wants to share it more quickly, so it can have an immediate impact.

Leatherman said Winter Shield is meant to serve as a complement to CISA’s work and vice-versa. The international component of the campaign still has an eye on the homeland, he said. “We’re helping partners understand the Internet is so interconnected now, companies are international, and if you just do this work here in the homeland, you’re at risk of actors targeting your international operations and pivoting into U.S.-based work,” he said.

The second Trump administration’s approach to the FBI has raised concerns from Congress, former agents and elsewhere about whether the bureau’s cyber focus is being curtailed. The bureau has lost veteran leadership, and FBI data that a top Senate Democrat released points to personnel being shifted to immigration-related tasks, including those drawn from cyber work. The administration has also proposed budget cuts for the bureau.

And the FBI’s parent agency, the Justice Department, has shut down a team that combats cryptocurrency crimes amid industry backlash toward U.S. government actions in cases like  Tornado Cash, which the Biden administration accused of abetting money laundering from ransomware outfits.

Leatherman said FBI Director Kash Patel and other bureau leaders have been strong backers of the FBI’s cyber mission.

“We have not moved resources from [the] cyber division,” he said. “We still have our virtual asset unit, we still have our Virtual Currency Response Team, all those teams responsible for tracking the stolen crypto from” North Korea.

“We’re doing regular tracing. We’re trying to seize that when we can,” he said. “We’ve increased our ability to target nation-state actors given the support of FBI leadership, so we have not moved resources off the threat and we continue to prioritize both threat actor pursuit and victim engagement.”

The post The FBI’s cyber chief is using Winter SHIELD to accelerate China prep, threat intelligence sharing appeared first on CyberScoop.

Madhu Gottumukkala is out as acting director of the Cybersecurity and Infrastructure Security Agency, with current agency executive director for cybersecurity Nick Andersen replacing him as the interim leader.

News of Gottumukkala’s departure breaks one day after CyberScoop reported on widespread dismay with the agency’s performance during the first year of the Trump administration, with significant criticism aimed at Gottumukkala’s leadership on both sides of the aisle after a number of unflattering stories about his stewardship.

“Madhu Gottumukkala has done a remarkable job in a thankless task of helping reform CISA back to its core statutory mission,” a Department of Homeland Security official told CyberScoop Thursday. “He tackled the woke, weaponized, and bloated bureaucracy that existed at CISA, wrangling contracts to save American taxpayer dollars.”

Gottumukkala, served as chief information officer under then-South Dakota Gov. Kristi Noem, now secretary of DHS, before he was picked as deputy director of the agency. Sean Plankey’s nomination to serve as full-time director of CISA has stalled, leaving Gottumukkala as the acting director in his place.

Gottumukkala will take on a new role at DHS, as director of strategic implementation. Andersen has won more favorable reviews from industry and cyber professionals during his tenure at CISA than did Gottumukkala, whom some still praised for his technical acumen.

ABC News first reported the news on the Gottumukkala and Andersen moves. The news comes the same day as reports about another leadership change at the agency, with Cybersecurity Dive first reporting on the exit of Robert Costello as CISA CIO.

While some officials CyberScoop spoke to for its story about CISA this week believed the agency had some duplication, most thought the Trump administration had cut far deeper than needed, damaging the agency. 

Andersen has held several IT and cybersecurity roles in the public sector over the past two decades, including positions at the Coast Guard, Navy and Department of Energy.

The post Gottumukkala out, Andersen in as acting CISA director appeared first on CyberScoop.

“Decimated.” 

“Amateur hour.”

“Pretty much fallen apart.”

“It’s really hard to find something positive to say right now.”

It’s been a little more than one year into the second Trump administration, and there’s a large consensus, if not total unanimity, among those who have worked with and for the Cybersecurity and Infrastructure Security Agency: It has suffered significantly during that time. 

CISA has lost roughly a third of its personnel and shuttered entire divisions. Observers across the political spectrum told CyberScoop for this story that even on its core missions, like coordinating with industry and protecting federal networks, the agency is significantly diminished.

Many sources that spoke with CyberScoop did so under the condition of anonymity, in order to be more candid or avoid retribution. They told CyberScoop that CISA’s biggest problems, and their consequences, include:

• Trump’s ire over the 2020 election results has led to the agency being deprioritized within the administration. Congress has yet to approve the administration’s permanent pick to lead the agency, Sean Plankey, and lawmakers have failed to do other things to strengthen it. 
• CISA’s capabilities have been significantly diminished by the loss of personnel, expertise and programs. 
• In the absence of a permanent leader, Acting Director Madhu Gottumukkala has struggled to lead the agency. “I don’t think anybody would argue he’s doing a great job,” one industry source said.
• Organizations that previously turned to CISA for help now seek alternatives, like industry alliances, outside consultants or government-to-government partnerships.

Where to assign blame varied from source to source. Most criticized both the administration and Congress, though some faulted one more than the other.

Some see bright spots in CISA under the current administration. And while many are pessimistic about the agency’s future, others expressed optimism.

But the first year reviews are not glowing.

“Year one was a tough year for the agency,” said House Homeland Security Committee Chairman Andrew Garbarino, R-N.Y. He noted that a “lot of the best and brightest have left the agency,” though he expressed optimism about Plankey’s ability to turn CISA around. “The amount of cyberattacks that our nation is seeing every day, both on the private side and on the federal government side — you want your best people there fighting against it, and if they’re somewhere else, it definitely leaves us all vulnerable.”

Said Mississippi Rep. Bennie Thompson, the top Democrat on Garbarino’s panel: “It’s tough to have a robust entity when you cut the money…we are weaker because of CISA’s lack of manpower.”

When priorities shifted

Trump has harbored animosity toward CISA since 2020, when it contradicted his false claims related to widespread electoral fraud. He and his allies built on that animosity, recommending in Project 2025 that the agency be dismantled, divided by its core responsibilities, and farmed out to other federal agencies. 

“There was uniquely a target on its back,” said one CISA official who left in 2025. That hostility came from some Republicans in Congress, especially Kentucky Sen. Rand Paul, who chairs the Senate Homeland Security and Governmental Affairs Committee.

Said Thompson: “CISA wasn’t politicized for the most part, until the Trump administration came along and accused them of somehow contributing to his [election] loss.”

CISA has lost substantial personnel, including veterans and whole teams. Some employees were transferred to other divisions in the Department of Homeland Security. Election security was quickly cut. Two information sharing and analysis centers (ISACs) that serve state and local governments lost funding. A division coordinating with foreign governments, businesses and state and local governments was effectively closed.

The agency has lost senior leaders in programs like counter-ransomware initiatives, threat hunting and secure software development. Contracts for things like detecting threats in critical infrastructure networks, tracking vulnerabilities and collaborating with industry teetered, albeit sometimes only temporarily. 

DHS has unraveled multiple programs in which CISA plays a key role, such as by dismissing members of the Cyber Safety Review Board and disbanding the Critical Infrastructure Partnership Advisory Council. Congress has lurched between letting both a key state and local cyber grant program and a cyber threat information sharing law lapse and temporarily re-upping them.

The departures and program changes likely haven’t ended, either. 

“It’s not a very harmonious place right now,” said one industry source. “I hear from people that are looking to leave.” Former CISA employees say those who remain either believe strongly in the mission, or are simply keeping their heads down until retirement from federal service.

“People I talk to say the morale is really low,” said James Lewis, distinguished fellow with the tech policy program at the Center for European Policy Analysis think tank.

CISA and DHS officials routinely say the changes are designed to get the agency “back on mission.” Lewis, industry officials and others say CISA probably never needed to get involved in combatting misinformation and disinformation, roles that rankled some conservatives, but the agency largely halted that work prior to Trump returning to office.

Some saw duplication and redundancy at CISA as legitimate problems. “I did see overlap between who was actually doing policy and who was actually doing the operational work,” said Ari Schwartz, managing director of cybersecurity services at the law firm Venable and a former Obama administration cybersecurity official.

It was not that long ago when CISA experienced quick budget growth, particularly after its establishment in 2018.

“As with any organization, the first few years are growth years and after a while, the agency needed to reevaluate how it was operating and meeting its statutory authorities,” said Kate DiEmidio, who formerly served as the agency’s director of legislative affairs and acting chief external affairs officer. “There was a need for the agency to refocus.”

Even among those who saw the need for change at CISA, though, many saw the Trump administration as going way too far. “CISA needed surgery,” Lewis said, but “what it needed was surgery with a scalpel, not a sledgehammer.” He added, “Not only is the White House hostile to CISA, but cybersecurity isn’t a priority for them.”

A question of capacity

The cuts have created real-world consequences for cybersecurity coordination. Former officials and industry partners describe broken relationships, unanswered requests for help and serious questions about whether CISA can handle a major crisis. The coordination and engagement that defined the agency’s approach have largely diminished.

The end result is that “they’ve dismantled all of those capabilities in units within government,” said Caitlin Durkovich, a former DHS official in the Obama administration and White House official in the Biden administration. She recently started a firm with former top CISA official Jeff Greene that offers services CISA has scaled back, such as security assessments.

“It’s been really hard to watch,” Greene said, how CISA has been working with the private sector and local governments on “developing a level of trust that is weakening or gone.”

One industry source said they used to meet regularly with top officials, but now can’t get a response. “We’ve got really good engagement elsewhere in government. We really would like the opportunity to do the same thing with CISA,” they said. “Some of the trust that had been built up has been eroded.”

Thompson said the biggest losses have been in election security and secure-by-design, areas where his staff says personnel has been “decimated.”

Said another industry source: “I do feel like that when people, if organizations, want to reach out to CISA, it’s not clear who’s there… If we got into a major conflict, let’s say, with China, and they start triggering Volt Typhoon-related malware, are we organized and ready to roll? I don’t think so.”

Another former CISA official described the current situation as a “lack of capacity,” especially when it comes to coordinating with state and local governments and others on a regional basis.

“A bunch of regions are really grappling with the loss of really key personnel who were the ones that were establishing and maintaining these relationships, and really trying to build the trust between the agency and the private sector, and especially in critical infrastructure,” they said. “Not having as many people to help do that national coordinating function that CISA is supposed to do is a real issue.”

They also said there are fewer people working in “flagship programs” like secure-by-design and developing regulations for the landmark Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). “People are overstretched,” they said. “They’re not doing all the things that they could or should be doing, or want to be doing, and I think that you see evidence of that with talk from the private sector and their inability to to reach people and to get help “

Schwartz said he worries about when “an incident happens, do they have the people to go in, go to the states, go locally, and really do the work that’s needed, as they did in the past? Because they’ve lost some of that ability.”

Lewis said that “overall, the impression is it’s a much weaker entity than it was a year ago.”

“Their power was in their ability to act as a focal point, to coordinate, to bring people together, and just the publication of vulnerabilities and some of the things they were starting to get into in the previous administration were big steps forward that’s been diminished because they don’t have the people now,” he said. “So a smaller organization, that’s just not going to be as powerful.”

State and local governments say they’ve lost critical connections with CISA, saying they’ve had to turn to one another to fill the gaps.

“We’re asking states to do a job they’re not resourced to do, while weakening the one federal agency designed to help them,” said Errol Weiss, chief security officer at the Health-ISAC. “This is precisely where you do need a strong, centralized federal security function. We already have a national shortage of cybersecurity experts, and you can’t just replicate that expertise 50 times over.”

Overall, Weiss said industry partners have felt the lack of outreach from the agency. “Fewer touchpoints, fewer briefings, fewer problem‑solving calls,” he told CyberScoop, adding that there’s “a growing perception that CISA is being hollowed out where it matters most to industry: stakeholder engagement, collaborative forums, and operational support during incidents.”

Rob Knake, a former top Biden administration official, recently said that “CISA as an organization has pretty much fallen apart.”

Leadership in limbo

One near-universal sentiment is that as Sean Plankey’s leadership nomination drags in the Senate, the agency is worse off.

“We need to start this year off right, and we’re already in February and can’t get Plankey confirmed,” Garbarino said. “There’s nothing better than having a Senate-confirmed person running the show.”

The acting director has also faced criticism beyond the operational issues. Gottumukkala, who served as South Dakota’s chief information officer under Kristi Noem before she became DHS secretary, has faced fire from both parties for his stewardship.

A string of embarrassing stories have emerged about Gottumukkala, from the tale of him failing a polygraph test and seeking to oust those who administered it; to his reported attempted ouster of veteran agency CIO Robert Costello; to his reported uploading of sensitive contract data to ChatGPT. DHS has defended Gottumukkala amid those revelations.

Reading stories like that, “It just sounds like amateur hour,” said one former CISA employee.

“I don’t think he’s up to the task. I believe that he’s not the best person, and I think he is just somebody the secretary likes, because they both are from South Dakota.” Thompson said. “I don’t know anybody before this administration who would be in sensitive areas and not have passed minimal standards like the polygraph.”

The ChatGPT story drew concern from the right by Senate Judiciary Chairman Chuck Grassley, R-Iowa, as well as from conservative figure Laura Loomer (the latter of whose remarks were racially tinged). Others were more perturbed by the lie detector story.

“When you have security issues with someone in a leadership position, you should find another place for them to go,” said a former Trump administration national security official. “There are plenty of competent people in DHS, in CISA, who could hold things together until Sean Plankey gets there. There are lots of serious things CISA needs to be working on right now. This is a drag on that. It’s not a place where you want any type of friction at the top.”

Garbarino was more generous, noting Gottumukkala’s technical background. DiEmidio also noted Gottumukkala’s technical skills. But Garbarino and Nevada Rep. Mark Amodei, the GOP chairman of the House Appropriations Subcommittee on Homeland Security, have been seeking CISA’s organizational plans to no avail.

“I don’t think he’s intentionally lying to us by saying there’s no reorg plan,” Garbarino said. “But there’s got to be some reasoning behind all these moves, moving the people around, or layoffs or whatever. I want to give him the benefit of the doubt that he is the technical guy that has been given a non-technical job to do.”

Schwartz and some others largely blame Congress for CISA’s current woes, since they haven’t approved Plankey as a full-time, permanent leader. “A lot of the issue is the fact that just doesn’t have the leadership to be able to participate in senior-level discussions,” he said.

What’s left to build on

Despite myriad complaints, many observers still see value in the current iteration of CISA. Some are hopeful about its ability to rebound, too.

CISA says it’s still devoted to its missions. The agency published a 2025 year-in-review about its accomplishments.

“CISA remains steadfast in its mission to safeguard the systems Americans rely on by strengthening federal network defenses, empowering businesses, and fortifying critical infrastructure nationwide,” Gottumukkala said in a statement to CyberScoop.

Moving forward, “we will deepen collaboration with trusted partners, prioritize highly skilled technical professionals, and direct resources for maximum impact—accelerating innovation, operational coordination, and workforce right-sizing to reduce long-term risks while maintaining strong industry partnerships and cost efficiency,” he said. “The CISA leadership and workforce remains committed to this mission despite a small minority who are upset that accountability and reform have come to the agency.”

It’s a message Gottumukkala recently delivered to Congress. “He tried to give the impression that we haven’t lost any capacity,” Thompson said. “I wasn’t impressed.”

Others said CISA is still carrying out many of its old tasks, such as issuing public alerts on vulnerabilities and threats.

“There’s still some good reporting coming out,” Greene said. “But what I can’t know is the volume of what they can put out versus what they used to be able to put out.”

Weiss said “CISA still has tremendous value in areas only the federal government can truly provide: national‑level visibility, cross‑sector coordination and the ability to marshal resources across agencies in a crisis.” But it’s not clear whether CISA can rise to the occasion like it did during the 2024 Change Healthcare crisis.

“All of this means it’s more important than ever for the private sector to take the initiative,” he said. “Critical infrastructure owners and operators cannot assume the federal government will have the capacity to step in the way it once did.”

Weiss and others also said that CISA has refocused on federal networks, but others, such as Lewis, said it’s also diminished there. “That’s their primary mission, and they don’t have the policies or the bodies to do that,” Lewis said.

Garbarino and a number of industry sources say they’re encouraged by the idea that the Trump administration could write less onerous regulations for CIRCIA, with an earlier draft drawing bipartisan and industry criticism.

A Senate-confirmed leader could further brighten the agency’s prospects, many agree. “They still have some good talent there. It’s not totally that we’ve lost everything there,” Schwartz said. “If you have leadership in there, then you can build it up.”

DiEmidio said some of the staff changes have made sense. Election security had more people than other sectors that needed the help, she said. 

“In some ways, I think the external attention to CISA’s mission in the media and with Congress was completely focused on one or two things, and the focus on the things that really matter, and the good work that CISA is doing got overshadowed,” she said. For the agency’s cybersecurity division and other cyber teams, “there were several incidents over the summer where those teams were incredible. They were working evenings, weekends.”

But many agree that rebuilding CISA’s workforce will be difficult.

The Trump administration has deliberately made working for the federal government challenging as a matter of policy. Russell Vought, head of the Office of Management and Budget, said before the election that the goal was to put federal workers “in trauma.” Morale at CISA has been particularly bad, they say. Periodic DHS shutdowns haven’t helped.

On the plus side for CISA, it’s a bad labor market, Lewis said.

Some of what CISA needs to do going forward is about managing expectations, said DiEmidio.

“What I would want to make sure is that CISA has a hiring plan in place to start hiring, especially in those key technical positions at all levels,” she said. “ I think you have to have an understanding that people are going to rotate in and out of government. Not everyone wants to stay in government long term and that’s okay.”

But there are some worries about CISA recruiting going forward. “Just the way they handle the departures, for a lot of folks, I don’t think it gives a lot of encouragement to individuals that ‘Hey, this is a great place to work,’” said one former DHS official.

The post Across party lines and industry, the verdict is the same: CISA is in trouble appeared first on CyberScoop.

The Trump administration wants to boost the use of artificial intelligence for security in a way that doesn’t increase the number of targets for adversaries to attack, a top official with the Office of the National Cyber Director said Thursday.

The administration will “promote the rapid implementation of AI enabled cyber defensive tools to detect, divert and deceive threat actors who continue targeting our vital systems and sectors,” Alexandra Seymour, principal deputy assistant cyber director for policy, said at CyberTalks, presented by CyberScoop. “We want to ensure that as Americans, companies and agencies deploy AI to defend themselves, they are not inadvertently making themselves more vulnerable by widening the attack surface.”

Overall, “We’re working with our interagency and White House colleagues to promote AI-driven success while addressing concerns about AI security and countering AI abuse by adversaries,” she said.

The focus on AI is expected to get further attention from a forthcoming national cyber strategy and the implementation of that strategy due to follow.

“We are prioritizing rapid but secure AI development and diffusion,” Seymour said. “From the start, we will support a full range of counter-AI efforts, assuring our frontier models and countering adversary AI that controls or threatens citizens.”

Seymour reiterated how that means promoting U.S. AI cybersecurity standards and norms, but also  “establishing industry best practices for secure AI deployment and harnessing the full potential of AI tools.”

One of the six pillars of that forthcoming strategy is focused on strengthening the cybersecurity workforce. The administration wants to consolidate existing efforts, drawing on the work of companies, government, academia, vocational schools and venture capital, Seymour said.

The administration wants to align “curriculum, workforce standards, cyber literacy, awards and job placement,” she said.

Seymour said one thing the administration hopes to emulate is Israel’s Unit 8200, an intelligence arm of the Israeli government that counts cyberwarfare among its missions. Its practices for training young talent includes boot camp-like classes and exercises.

“The White House does not want to reinvent the wheel, because we recognize the magnitude of great work in the space across the public and private sectors to train and upskill the cyber workforce,” Seymour said. “Rather, we hope to bring these existing resources all together to build a workforce pipeline that is clear, accessible and responsive to cyber skill gaps, including those related to emerging technologies such as AI and quantum.”

The Trump administration has shed personnel at major cyber agencies across the government.

The post ONCD official says Trump administration aims to bolster AI use for defense without increasing risk appeared first on CyberScoop.

The acting head of the Cybersecurity and Infrastructure Security Agency faced pointed questions from lawmakers Wednesday over CISA personnel decisions and staffing levels.

Members of the House Homeland Security Committee asked Madhu Gottumukkala about a reported attempt to fire the agency’s chief information officer, efforts to push out a large number of staff and whether CISA had enough people to do the job.

Gottumukkala at times sidestepped the questions, with the probing coming from both sides of the aisle. However,  Democrats exhibited deeper worries about the agency’s workforce and its ability to do its job.

Cutbacks at CISA after employees were “bullied into quitting” — among other methods of reducing CISA’s size — have “weakened our defenses and left our critical systems and infrastructure more exposed, and the American people more vulnerable,” said Rep. James Walkinshaw, D-Va.

Said Chairman Andrew Garbarino, R-N.Y.: “This committee supports the administration’s goal of aligning department [of Homeland Security] resources towards urgent homeland security priorities. At the same time, workforce continuity, clear leadership and mission readiness are essential to effective cyber defenses.”

The extent of those CISA personnel reductions was something lawmakers wanted Gottumukkala to be exact about in his answers.

The top Democrat on the panel, Mississippi’s Bennie Thompson, entered a chart into the hearing record that showed the number of personnel had fallen from 3,387 before President Donald Trump’s inauguration to 2,389 by the middle of December, or a loss of 998 people. Those figures aligned closely with the numbers Gottumukkala gave in testimony.

Under questioning from Thompson, Gottumukkala said CISA’s attrition rate was 7.5% last year, a figure he said was lower than most agencies. Gottumukkala said the agency has “the required staff” to do its work, but Thompson said he was still awaiting an expected letter from Gottumukkala on workforce needs and wanted a more precise number on current vacancies.

Gottumukkala also wouldn’t say whether the agency had carried out a study to determine whether its staffing was sufficient. In response to questions from Garbarino, Gottumukkala said there were no further planned organizational changes at CISA.

“We recognize that a disciplined mission requires the right workforce — not a larger one, but a more capable and skilled one,” Gottumukkala said in his opening remarks.

Democrats pressed Gottumukkala repeatedly on whether any CISA personnel had been reassigned to working on immigration enforcement, something he said hadn’t happened during his time at the agency, contradicting published reports to the country and a claim from Gottumukkala that Democrats said was false. The chart Thompson referenced showed 65 employees being reassigned out of CISA.

At times, GOP lawmakers gave Gottumukkala backing on CISA personnel numbers. Rep. Andy Ogles, who chairs the panel’s cybersecurity subcommittee, said, “You’re doing more with less, and you’re doing it more efficiently.” Republican appropriators recently released a homeland security funding bill that would cut CISA’s budget from nearly $3 billion to $2.6 billion.

Responding to a report that Gottumukkala had tried to force out Robert Costello, the agency’s CIO, Gottumukkala said individual agency personnel “decisions are not made in vacuum. It is a leadership-level [decision] at the highest levels, and we work according to how we see the roles fit.” 

Garbarino told reporters after the hearing that “ I don’t know whose decision it is making that personnel [move], but it was stopped, which is probably a good thing.”

Asked about a news story that he failed a counterintelligence polygraph test, Gottumukkala said that “I do not accept the premise of that characterization,” and any answer would have to be discussed in a closed hearing. Garbarino said he hoped an investigation into the polygraph incident would be settled soon.

Democrats repeatedly expressed frustration about Gottumukkala’s testimony. “You’ve managed to answer none of my questions,” Walkinshaw said.

Gottumukkala wouldn’t take questions from reporters after the hearing.

The post Lawmakers probe CISA leader over staffing decisions appeared first on CyberScoop.

Congressional appropriators announced funding legislation this week that extends an expiring cyber threat information-sharing law and provides $2.6 billion for the Cybersecurity and Infrastructure Security Agency (CISA), including money for election security and directives on staffing levels.

The latest so-called “minibus” package of several spending bills to keep the government funded past a Jan. 30 deadline would extend the Cybersecurity and Information Sharing Act of 2015 through the end of the current fiscal year, Sept. 30. Industry and the Trump administration have been seeking a 10-year extension of a law that provides legal protections for sharing cyber threat data between companies and the government, but a deal on Capitol Hill has proven elusive.

The package, announced Tuesday, also would extend the expiring State and Local Cybersecurity Grants Program through the end of fiscal 2026. Both laws temporarily expired during the government shutdown before being included in broader government funding legislation that extended them through Jan. 30. The House Homeland Security Committee has approved legislation on a long-term extension of the grants program, but the Senate hasn’t taken any action on it.

Also notably, the “minibus” — with funding for Labor and Health and Human Services; Education and related agencies; Defense; Homeland Security; and Transportation, Housing and Urban Development and related agencies — includes an extension until Sept. 30 for the Technology Modernization Fund, a program focused on upgrading old and vulnerable federal tech that likewise has had difficulties getting an extension.

The legislation that funds the Department of Homeland Security (DHS) would provide $2.6 billion for CISA. The agency’s budget coming into the Trump administration stood at approximately $3 billion, and President Donald Trump sought nearly half a billion dollars less than that for fiscal 2026.

Under the bill, $39.6 million would go to continuing election security programs, namely election security advisers in each CISA region across the country and the continuation of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). Last spring, the organization that supports the EI-ISAC said it no longer was doing so after the Trump administration terminated funding, with DHS saying the EI-ISAC no longer aligns with its mission.

Despite going along with much of what Trump sought on the CISA budget total, the DHS funding bill gives the department a commandment on CISA staffing levels, which have been significantly reduced under the president.

“CISA shall maintain a workforce consistent with the personnel and FTE [full-time employee] funded by the pay and non-pay amounts provided in this Act,” according to a joint explanatory statement from appropriators. “CISA shall not reduce staffing in such a way that it lacks sufficient staff to effectively carry out its statutory missions, including cybersecurity and infrastructure security for the Federal Civilian Executive Branch agencies, SLTT [state, local, tribal and territorial] partners, Sector Risk Management Agencies, international partners, and other stakeholders.”

The House Appropriations Committee touted the DHS spending bill in a news release, saying that “from our borders and ports to aviation and cyber, we deliver the personnel, training, and technology to reinforce our security at every level.”

The fate of the minibus depends on a number of factors, among them the thin GOP House majority and rising Democratic opposition to funding for the Immigration and Customs Enforcement agency.

The post Congressional appropriators move to extend information-sharing law, fund CISA appeared first on CyberScoop.

President Donald Trump re-nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency on Tuesday, after Plankey’s bid for the position ended last year stuck in the Senate.

It’s not clear whether or how Plankey’s resubmitted nomination will overcome the hurdles that left many observers convinced his chance of becoming CISA director had likely ended, but it does definitively signal that the Trump administration still wants Plankey to have the job.

Plankey’s nomination was included in a batch sent to the Senate announced on Tuesday.

CISA spent all of 2025 under Trump without a permanent director. Trump nominated Plankey, who held a couple cybersecurity roles in the first Trump administration, to lead CISA in March. He got a Senate Homeland Security and Governmental Affairs Committee hearing in July, then won approval from that panel that same month.

But Sen. Rick Scott, R-Fla., had placed a hold on Plankey’s nomination over a Coast Guard contract that the Homeland Security Department had canceled in part. While he awaited confirmation, Plankey had been serving as a senior adviser to the secretary for the Coast Guard.

A spokesperson for Scott did not immediately respond to a request for comment.

North Carolina’s GOP Senate delegation also had placed holds on DHS nominees related to disaster aid to their state. Sen. Thom Tillis, R-N.C., said last week that the holds would remain until Secretary Kristi Noem appeared before the Senate Judiciary Committee.

A White House official had denied reports that Plankey’s nomination was all but over last year.

“President Trump has been clear that he wants all of his nominees confirmed as quickly as possible, including Sean Plankey, who will play a key role in ensuring a strong cyber defense infrastructure,” the official told CyberScoop.

Asked Wednesday at the Surface Navy Association national symposium about what he was doing to convince senators to lift their holds, Plankey answered, “The administration, the White House has to say that this is a priority of us.

“The support, the priority that the White House puts on it is the priority that I’ll get in there,” Plankey said. “I’m doing the best I can to perform, to deliver for the country and I look forward to the Senate confirming me.”

Drew F. Lawrence contributed reporting to this story.

Updated 1/14/26: To include comment from Plankey.

The post Sean Plankey re-nominated to lead CISA appeared first on CyberScoop.

Amid budding sentiment in the Trump administration and Congress to expand offensive cyber operations, some lawmakers and experts are warning that the United States needs to get its defenses in order before going too far down that road.

A House Homeland Security subcommittee on Tuesday examined how to deter foreign cyberattacks, with an emphasis on the role U.S. attacks could play in countering them. One long-running concern about improving U.S. offense is how it might provoke further attacks.

“I’m concerned we’re putting the cart before the horse, when we have not had a hearing on why the [Cybersecurity and Infrastructure Security] Agency has lost one-third of its workforce in the last year,” the top Democrat on the full committee, Bennie Thompson of Mississippi, said. “We ought to be cautious about pursuing an approach involving the use of offensive cyber tools that could result in retaliation or escalation if we’re not in a position to help defend U.S. networks.”

Other panel Democrats invoked a sentiment from sports about the importance of defense over offense. “Both are still important,” Rep. James Walkinshaw, D-Va., said during the hearing of the Cybersecurity and Infrastructure Protection Subcommittee.

Emily Harding with the Center for Strategic and International Studies, a D.C.-based think tank, testified that as the United States takes steps toward a more aggressive posture in cyberspace, it also needs to fund important defensive upgrades for federal government networks.

The chair of the subcommittee, Andy Ogles, R-Tenn., said that while defense was important, “defense alone is not sufficient,” and that “deterrence in cyberspace doesn’t exist without operational cyber offensive capabilities.”

The private sector could have a bigger role to play in boosting the country’s offense, since cybersecurity companies, tech providers and other businesses often have the best vantage point on attacks as both victims and investigators, Ogles said.

But much of the kind of things companies could do to bolster offense “exists in legal and policy gray space,” he said. “Companies face uncertainty about liability, retaliation and regulatory risk.”

A hybrid approach with private sector companies supporting government offensive operations rather than directly carrying them out generated the broadest support at the hearing. Harding said Congress could provide legal protections to companies in those circumstances.

CISA should play a key role in coordinating any public and private sector offensive activity, said Drew Bagley, chief privacy officer at CrowdStrike.

“This committee can ensure that CISA is properly focused and resourced to perform this mission,” he said in written remarks. “From an oversight perspective, you can ensure it has authorities, talent and capabilities to maximize its impact.”

The post Hill warning: Don’t put cyber offense before defense appeared first on CyberScoop.

The cybersecurity industry has been battling a talent shortage and skills gap for years. Meanwhile, organizations need a new way to approach risk management proactively and more effectively. AI seems the clear answer to both.

Open tech roles are trending down or flat, while demand for AI skills is climbing fast. It’s structural change that shows today, automation is no longer optional. The speed, scale and complexity of modern threats have already outpaced manual processes, and AI is the only viable way to keep up. That’s why humans, armed with AI, make such a powerful combination. Because the need for speed and precision – combined with a lack of skilled manpower – forces us to rethink our cybersecurity workflows. AI agents will take over high-volume, repetitive tasks — continuously analyzing vast streams of telemetry, correlating signals across environments, and surfacing the handful of risks that truly matter. They will identify the needle in the haystack.

Over nearly three decades of my career in tech and cybersecurity, I’ve witnessed how every technological shift redefines the workforce. The AI boom is simply the latest cycle. I am sure that centuries ago, it was someone’s job to chisel manuscripts on stone slabs. When ink and paper was invented, the world evolved, the workforce changed, and we all survived. In the short term, adopting new technology may reduce demand for some roles. Yet over time, AI-driven productivity gains will help businesses grow and create new positions that did not exist before. We’re already witnessing the creation of entirely new disciplines in model evaluation, orchestration, and AI security. In the short-term, some people might find themselves out of a job if they don’t reskill, but ultimately, the workforce must adapt.

But how are organizations supposed to fill AI roles if no one has expertise in the new field? These roles are hard to fill because they require experience across the AI lifecycle: data sourcing, training, evaluation, deployment, and monitoring, plus the judgment to defend those systems when attackers aim at the model rather than the application. You don’t learn that from tutorials; you earn it by deploying AI systems into production, getting attacked, and iterating controls.  Deloitte’s analysis framed the paradox succinctly: the very AI that accelerates operations introduces shadow usage, agentic autonomy, and data leakage risks that must be actively governed.

Here’s the good news: CISOs don’t have to fix everything. When everything is critical, nothing is. The most effective cybersecurity programs focus on reducing the risks that matter most to the business. A Risk Operations Center (ROC) provides the framework to do exactly that: consolidating risk factors, applying business-driven prioritization, and orchestrating remediation. Unlike a Security Operations Center (SOC), which is focused more on analyzing incidents when they happen and responding appropriately, the ROC takes a proactive, future-looking approach to reduce the risk of a catastrophic cyber event happening to the business. And agentic AI can take risk orchestration to the next level, by automating threat prioritization and guiding remediation strategies aligned to an organization’s unique risk posture. The AI-native ROC shifts organizations from reactive firefighting to proactive risk management, ensuring security keeps pace with AI-driven innovation.

The truth is: everything we do in cybersecurity is about risk management. The ROC is not just for security. It connects CISOs, CIOs, CFOs, business unit leaders, and boards around a single view of risk—bridging priorities, aligning decisions, and creating accountability across the business. Boards are optimizing for ROI and resilience simultaneously. They recognize AI’s productivity upside but also expect security leaders to connect spend to business outcomes: fewer material incidents, faster reporting, lower exposure, and demonstrable business continuity. The question is no longer “How much did we spend?,” but “What risk did we measurably reduce?” Therefore, our hiring strategies must align to outcomes, not headcount: upskill the workforce, redeploy cross‑functionally, and use security platforms with embedded, governed AI capabilities over needing more headcount to manage tool sprawl. That efficiency helps the business strengthen its top line, leading to expansion and ultimately fuels future hiring.

We also need to confront a hard truth: AI‑generated code is often insecure. Multiple studies in 2025 found about 45% of AI‑generated code contains security flaws, with particularly weak defenses against cross‑site scripting and log injection. If AI becomes the default author of routine code, we will ship vulnerabilities faster than human review can catch them, unless we embed security in the pipeline. This means enforcing mandatory reviews, scanning both code and binaries continuously, gating high‑risk changes behind human approval, and logging agent actions like we log privileged users.

The paradox isn’t paradoxical at all. AI is compressing some job categories while expanding others and raising the bar for everyone. Cybersecurity leaders who embrace that reality will be best positioned to deliver resilience, regulatory readiness, and growth in 2026.

Sumedh Thakar is the president and CEO of Qualys, a leading cybersecurity company, and is passionate about making the digital world safer. He joined Qualys in 2003 as an engineer and rose through leadership roles including chief product officer and president, helping expand the Qualys platform with integrated capabilities and scaling global engineering teams. He is a co-inventor on five U.S. cybersecurity patents and previously held engineering roles at Intacct and Northwest Airlines.

The post Why cybersecurity cannot hire its way through the AI era appeared first on CyberScoop.

China’s campaign to break into our critical infrastructure and federal government networks is persistent and growing. Beijing is stealing information while also planting tools and maintaining access in key systems, giving it the option to pressure the United States in the future. Russia also continues to test our critical infrastructure with increasingly sophisticated operations, support criminal operations, gather intelligence, and possibly prepare for future disruption of essential services. Iran and North Korea are also ramping up disruptive attacks on hospitals, schools, local governments, and global commerce. Our adversaries’ offensive cyber operations are not slowing down. But America’s cyber defenses are falling behind.

When Congress created the Cyberspace Solarium Commission in 2019, our mandate was clear: prevent a cyber catastrophe before it strikes. We remember sitting with the commissioners — Republicans, Democrats, industry leaders, and national security veterans — knowing we were attempting something no country had tried before: to build a strategy for defending a digital society at scale. We delivered that strategy, along with 116 actionable recommendations. Many of those reforms reshaped federal cyber policy, and for a time, the United States was gaining ground.

Today, we are seeing erosion across core pillars of America’s cyber posture. Cybersecurity mission capacity is strained; public-private collaboration is losing momentum; federal agencies are operating without stable leadership; and coordination with allies — once one of our greatest strategic advantages — is failing to keep pace with our adversaries who now operate globally and relentlessly. These are not routine dips in activity. They are symptoms of strategic drift.

To reverse that drift, we must recover the clarity and urgency that guided the commission. The entire architecture of layered cyber deterrence depends on stable leadership, predictable budgets, continuous cross-sector collaboration, strong norms, international partnerships, and a healthy cadence of congressional oversight.

The first, most immediate step is obvious: the Cybersecurity and Infrastructure Security Agency (CISA) needs Senate-confirmed leadership and sustained multi-year funding. The agency responsible for advising the entire nation on cybersecurity risk is operating without stable direction at a time of rising threats. CISA has lost approximately one-third of its workforce through reductions and departures while its funding is constantly in flux. The Senate must move swiftly to confirm Sean Plankey—or whomever else is nominated—so CISA can regain the momentum and continuity required to fulfill its role.

Second, the federal government’s cybersecurity workforce crisis must be treated as a national security emergency. Agencies are still bound to hiring models built for the 20th century: rigid classifications, slow timelines, and at-will structures that make it far too easy for private industry to lure talent away. The administration needs to grow, not simply maintain, the CyberCorps: Scholarship for Service — one of our most successful talent pipeline programs for the federal government — which brings highly trained students into agencies in exchange for paying for several years of their education. Even its graduates, fully funded by federal scholarships, run headfirst into hiring barriers and freezes that have nothing to do with skills and everything to do with process.

Third, we must reinstate mechanisms for public-private collaboration. The elimination of the Critical Infrastructure Partnership Advisory Council has created legal uncertainty that chills information sharing between government and industry. Congress’ failure to authorize a long-term extension of the Cybersecurity Information Sharing Act of 2015 creates even more uncertainty about private companies’ ability to share threat information with the government and each other. Most critical infrastructure is privately owned and operated, and we cannot defend it without genuine partnership. Restoring structured collaboration channels is essential to our collective defense.

Lastly, we must rebuild our cyber diplomatic capacity. At the State Department, the seat for the ambassador-at-large for cyberspace and digital policy sits vacant — a troubling signal at a moment when authoritarian regimes are aggressively exporting their vision of a controlled, surveilled internet. The administration should nominate, and the Senate should move urgently to confirm, a new ambassador who can represent American interests in shaping international cyber norms, building allied capacity, and countering digital authoritarianism. The State Department’s Bureau of Cyberspace and Digital Policy’s mission capacity has been gutted through restructuring. Congress should restore personnel and establish consistent funding for capacity-building programs with our partners.

In 2020, the Solarium Commission warned that America could not wait for catastrophe to spur action. That warning stands today. Cybersecurity has long been one of the rare domains that still invites bipartisanship. We should seize that advantage rather than squander it. Congress — on both sides of the aisle — has the capacity to act.

Jim Langevin served in U.S. Congress for 22 years, representing Rhode Island’s second congressional district. He is now the chair of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation (CCTI) and the distinguished chair of the Institute for Cybersecurity and Emerging Technologies at Rhode Island College.

RADM (Ret.) Mark Montgomery is CCTI’s senior director and served as the executive director of the congressionally mandated Cyberspace Solarium Commission.

The post Time to restore America’s cyberspace security system appeared first on CyberScoop.

With a little more than a month left before a foundational cyber threat information sharing law expires for a second time, Congress might have to do another short-term extension as negotiations on a longer deal aren’t yet bearing fruit, a key lawmaker said Tuesday.

House Homeland Security Chairman Andrew Garbarino, R-N.Y., said the problem with a long-term extension of the Cybersecurity Information Sharing Act of 2015, which provides legal protections to companies to share cyber threat data with the federal government and other companies, is that there are three different views about how to approach it.

The Trump administration and some in the Senate want a clean, 10-year reauthorization of the law, which Congress extended last month until Jan. 30 as part of the legislation that ended the government shutdown, after the information sharing law lapsed in October. But a reauthorization without any changes could run into House opposition, Garbarino said.

“I don’t know if I can get that passed in the House, with concerns from the Freedom Caucus,” he said at an event hosted by Auburn University’s McCrary Institute. The Freedom Caucus has had criticism of the Cybersecurity and Infrastructure Security Agency that is integral to implementing the 2015 law.

Senate Homeland Security and Governmental Affairs Committee Chairman Rand Paul, R-Ky., also has a version of the bill that focuses largely on language he said is needed to defend free speech. And Garbarino’s version takes yet another approach to tweaking the law.

“Unfortunately, I don’t think we’re close enough with the discussions on the Senate to get it to figure out which bill will pass and what will get done,” Garbarino said. That leaves another extension tied to any funding bill that replaces the legislation currently funding the government, which also runs through Jan. 30.

Garbarino said his committee also is working on other issues, like deconflicting federal cybersecurity regulations, the cyber workforce and responding to the Chinese hacking group Salt Typhoon breaching telecommunications networks.

A report on “regulatory harmonization” has been underway at the committee, he said. But that doesn’t mean he wants to roll all the rules back. Asked about the Federal Communications Commission voting to get rid of Biden administration-era rules put into place in response to the Salt Typhoon breach, Garbarino said, “I’m not sure I would’ve voted to get rid of some of the protections or the rules, but it wasn’t my vote.”

The committee has been probing the government’s response to Salt Typhoon, and recently sent another set of questions in the past two or three months after not getting satisfactory answers the first time, Garbarino said.

“We are working closely with the China Select Committee as to what legislatively we could move if there’s something,” he said. “We’re not there yet.” 

Rep. Sheri Biggs, R-S.C., has picked up the baton on cyber workforce legislation sponsored by Garbarino’s predecessor as chairman, and Garbarino said he expects there to be some changes to the bill.

And two House Homeland subcommittees are holding a hearing Wednesday on artificial intelligence and cybersecurity.

“I’ll tell you right now, with our adversaries, the way they’re going to use AI, we can’t defend with human intervention alone,” Garbarino said. “AI is going to have to be part of our cyber defense.”

The post Key lawmaker says Congress likely to kick can down road on cyber information sharing law appeared first on CyberScoop.