On March 23, the Senate confirmed Senator Markwayne Mullin as the next homeland security secretary, marking an important step in strengthening leadership during a critical moment for our nation’s security.

But only half of the job is done.

The Cybersecurity and Infrastructure Security Agency (CISA), the federal government’s main civilian cyber defense agency, still lacks a Senate-confirmed director. As global cyber threats escalate,  this prolonged leadership gap poses a growing national security risk.

As Executive Director of the National Technology Security Coalition (NTSC), I represent Chief Information Security Officers who are responsible for protecting the systems that sustain America’s economy and critical infrastructure. In every sector, energy, healthcare, financial services, manufacturing, and transportation, there is a common concern: the threat landscape is growing more aggressive, and our defenses must stay ahead.

Our enemies are not waiting.

Since the start of the conflict with Iran, cybersecurity experts have reported increased malicious cyber activity targeting U.S. and allied systems. Iran-linked actors have shown their ability to disrupt operations and exploit vulnerabilities. Meanwhile, China continues its long-term effort to infiltrate American networks and position itself for possible disruption of critical infrastructure. Russia and its affiliated groups remain persistent, probing Western systems for weaknesses and exerting constant pressure.

This is the reality of modern conflict. Cyber operations have emerged as a primary domain of competition. In some cases, they can rival the effects of traditional military action, disrupting economies, communications, and public safety through code alone. 

Leadership is important in this environment.

CISA plays a key role in coordinating federal cyber defense, sharing threat intelligence with the private sector, and supporting state and local governments. It serves as the link between government and industry in protecting the nation’s digital infrastructure. Without a Senate-confirmed director, the agency’s ability to set priorities, coordinate efforts, and respond quickly is limited.

That challenge is growing more urgent. The President’s fiscal year 2027 budget plan proposes significant cuts to CISA’s funding. At a time when the agency faces increasing operational pressure, fewer resources make strong, steady leadership even more crucial.

This is the moment when Secretary Mullin’s leadership is critical.

As a former member of the Senate, Secretary Mullin understands the institution, its dynamics, and how to build consensus. He is uniquely positioned to connect with past colleagues and help advance Sean Plankey’s nomination as Director of CISA.

Plankey is highly qualified and widely respected in the cybersecurity community. His experience in the U.S. Coast Guard, at the Department of Energy securing the nation’s energy infrastructure, and in the private sector provides him with a clear understanding of both the threat landscape and the importance of public-private collaboration. At a time when coordination between government and industry is vital, these qualities are essential.

The Senate has already signaled that it takes cyberthreats seriously. It recently confirmed Lt. Gen. Joshua Rudd to lead U.S. Cyber Command and serve as director of the National Security Agency, ensuring strong leadership of America’s military cyber defense team.

Now it needs to do the same on the civilian side.

Confirming Plankey matters because the country’s main civilian cyber defense agency needs established leadership to combat adversaries who are already inside our networks, probing our systems, and preparing for the next phase of conflict.

The leadership gap at CISA has gone on long enough.

Secretary Mullin must engage. The Senate needs to act. And Sean Plankey should be confirmed without further delay.

America’s cyber defenses depend on it.

Chris Sullivan is the executive director of the National Technology Security Coalition, a nonprofit, non-partisan organization that serves as an advocacy voice for chief information security officers across the nation.

The post Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey appeared first on CyberScoop.

A key Senate Committee moved to advance legislation that would overhaul cybersecurity practices at the Department of Health and Human Services.

The bipartisan Health Care Cybersecurity and Resiliency Act sailed through the Senate Health, Education and Labor Committee Thursday on a 22-1 vote, with only Sen. Rand Paul, R-Ky., opposing it.

The legislation, sponsored by committee chair Bill Cassidy, R-La., and Sens. Mark Warner, D-Va., John Cornyn, R-Texas and Maggie Hassan, D-NH, would require the Secretary of Health and Human Services to develop a cybersecurity incident response plan for the department and provide it to Congress for review.

It would direct the department to partner with the Cybersecurity and Infrastructure Security Agency on oversight of cybersecurity in the health care and public health sectors, create specific cybersecurity guidance for rural healthcare providers and develop a plan to boost cybersecurity literacy within the healthcare workforce.

Cassidy and other members cited the 2024 Change Healthcare attack as a major driver for the legislation, arguing the incident was emblematic of a sector that is under constant siege from cybercriminals, ransomware actors and nation-states.

“Last year there were more than 730 cyber breaches affecting over 270 million Americans [connected to] Change Healthcare, exposing 190 million people’s data and delaying access to care.”  Cassidy said at the opening of the hearing.

Another provision would designate the Administration for Strategic Preparedness and Response at HHS as the Sector Risk Management Agency for the Healthcare and Public Health sectors.

Earlier this month, an HHS official from that office speaking at CyberTalks, presented by CyberScoop, said the Change Healthcare attack took many private and public sector defenders by surprise, underscoring how the compromise of a little-known third-party service provider concentrated within a single sector can still take down wide swaths of industry.

“It wasn’t a hospital, it was a company most people have never heard of and had major impacts on our sector and threatened the liquidity of our entire health care system,” said Charlee Hess, director of the healthcare and public health sector cybersecurity at the Administration for Strategy Preparedness and Response division. “We recovered from that, but we realized there are third-party risks lurking in our health care system, and we don’t even know they’re there. Where are those entities or systems that will have an outsized impact on our sector?”

The bill would update one of the sector’s main data protection laws, the Health Insurance Portability and Accountability Act, to ensure regulated entities use modern cybersecurity practices. It would also establish a new federal grant program to help hospitals, cancer centers, rural health clinics, the Indian Health Service, academic health centers and partnering nonprofit organizations adopt cybersecurity best practices  

“Cyberattacks in the health care sector can have a wide range of devastating consequences, from exposing private medical information to disrupting care in ERs – and it can be particularly difficult for medical providers in rural communities with fewer resources to prevent and respond to these attacks,” Hassan said in a statement.

The post Senate moves one step closer to passing health care cyber reforms  appeared first on CyberScoop.