Rep. Eric Swalwell, D-Calif., sent a letter Tuesday to acting CISA Director Madhu Gottumukkala raising concerns about staffing levels and the direction of the nation’s primary cybersecurity agency, writing that the “Trump Administration has undertaken multiple efforts to decimate CISA’s workforce, undermining our nation’s cybersecurity.”

Swalwell, the ranking member on the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, called out the agency for its reported shift of cybersecurity personnel to the Department of Homeland Security’s deportation efforts, on top of the approximately 760 people that have been let go from the agency since January. 

“Amid reports that the Department of Homeland Security is now forcibly transferring CISA’s cybersecurity employees to other DHS components, it has become apparent that the Department’s exclusive focus on its mass deportation campaign is coming at the expense of our national security,” Swalwell writes. “As further evidence of the Administration’s failure to prioritize cybersecurity, CISA is now engaging in Reductions in Force (RIFs) that threaten CISA’s capacity to prevent and respond to cybersecurity threats. I demand you immediately cease all efforts to cut CISA’s workforce, reinstate employees who were transferred or dismissed, and provide details on the impacts of the agency’s workforce reductions.“

The letter is not the first time Swalwell has asked for information about CISA’s workforce. In April, he asked the agency to brief the subcommittee on its workforce plans. He wrote in Tuesday’s letter he had not heard back from CISA. 

Further in the letter, Swalwell says shifting CISA personnel to deportation efforts takes away from the agency’s core mission at a time of “unprecedented cybersecurity threats,” pointing to the emergency directive issued last month about an ongoing and widespread attack spree affecting Cisco firewalls. He also questions CISA’s ability to leverage third-party expertise, given the agency’s September termination of its agreement with the Multi-State Information Sharing and Analysis Center — a partnership previously underpinned by $27 million in federal funding for fiscal year 2025. 

“In order to combat these threats, CISA needs to have sufficient personnel to carry out its mission, particularly at a time when canceled contracts and cooperative agreements have left CISA without critical third-party support,” Swalwell writes. 

You can read the full letter below. 

A CISA spokesperson sent CyberScoop the following statement:

“During the Biden Administration, Rep. Swalwell had no issue with CISA performing duties outside of its statutory authority – including censorship, branding, and electioneering. Under the leadership of President Trump and Secretary Noem, CISA focused squarely on executing its statutory mission: serving as the national coordinator for securing and protecting U.S. critical infrastructure. CISA is delivering timely, actionable cyber threat intelligence, supporting federal, state, and local partners, and defending against both nation-state and criminal cyber threats.”

Update: October 18, 2025, 4:00 pm: This article has been updated with comment from CISA.

The post Swalwell seeks answers from CISA on workforce cuts appeared first on CyberScoop.

The Department of Homeland Security estimated over the weekend that it would send home about two-thirds of employees at the Cybersecurity and Infrastructure Security Agency in the event of a government shutdown.

It’s the first time that the second Trump administration has released its contingency plan in response to what would happen if Congress doesn’t keep the government funded after Oct. 1 — something that looks likely at the moment. The furlough of two-thirds of CISA employees is also relatively close to the last time the Biden administration produced shutdown guidance in 2023.

According to the DHS document, 889 of CISA’s 2,540 personnel would keep working through a government funding lapse. That workforce estimate is from May, and could be smaller now. In 2023, DHS anticipated that it would keep 960 of its then-3,117 employees at work.

The Biden administration said that year that it would have had the ability to recall another 790 CISA employees if needed. The latest DHS guidance doesn’t include any information on recallable employees, and CISA didn’t immediately respond to a request for that figure Monday.

Furloughs of cyber personnel could have a whole host of potentially negative consequences, government officials and outside cyber experts have warned. Those consequences could be even worse as the Trump administration slashes the federal workforce, some say.

A temporary reduction could invite more attacks on the federal government; slow down patching, cyber projects and regulations; prompt permanent departures from workers disillusioned about the stability of federal cyber work; hinder cybercrime prosecutions; and freeze cyber vulnerability scans.

The latest CISA furlough estimates are “scary,” one cyber researcher wrote on the social media platform Bluesky. The White House has also instructed agencies to plan for mass firings in the event of a shutdown.

At other agencies, some federal cybersecurity-related personnel are likely to continue working during a federal funding lapse, because the law deems some government functions as “excepted,” such as those focused on missions like national security, law enforcement or protection of property and human safety. For example, at the Health and Human Services Department, the fiscal year 2026 contingency plan states that “HHS estimates that 387 staff (excluding those otherwise authorized by law) will be excepted for the protection of computer data.”

Unlike in past years, agencies are hosting contingency plans on their websites on a case-by-case basis, rather than on the website of the Office of Management and Budget. Some plans that have been published, such as those for the Department of Defense, don’t specify figures for cyber personnel.

Hundreds of thousands of federal workers could be furloughed, in total.

Two major cybersecurity laws, one providing legal protections for cyber threat data sharing and another providing state and local grants, are also set to expire in mere days. A House-passed continuing resolution would’ve temporarily extended them, but the legislation didn’t advance in the Senate.

The post Two-thirds of CISA personnel could be sent home under shutdown appeared first on CyberScoop.

The Department of Defense is seeking to address persistent shortages in its cyber workforce by reducing the time to fill vacant cybersecurity jobs to 25 days. The target, outlined by a senior official during a recent discussion, comes as the department faces a shortfall of nearly 20,000 cyber professionals within its ranks, a figure that reflects broader national trends.

Mark Gorak, who manages the DOD’s cyber workforce, described the scale of the challenge Thursday at FedTalks, produced by Scoop News Group. He noted that the department’s cyber component alone consists of approximately 245,000 personnel, while the wider Department of Defense encompasses about 4 million. The vacancy rate, which recently dropped below 10%, remains a significant concern, as the nation as a whole is estimated to be short by 500,000 to 700,000 cyber experts.

Efforts to accelerate hiring have already yielded some results. The department currently averages 70 days to hire, a figure that compares favorably to the federal government’s 80-day benchmark but lags behind the private sector, where technical hiring can take as little as 46 days. The new 25-day target, if achieved, would represent a substantial shift in federal hiring practices.

Central to the department’s strategy is a move toward skills-based hiring. Gorak emphasized a departure from traditional requirements such as advanced degrees, certifications, or lengthy experience. Instead, candidates will be evaluated on their ability to perform job-specific tasks, often through the use of cyber ranges — simulated environments designed to assess technical proficiency. The department is developing 30-minute assessment ranges to quickly determine whether applicants can meet the demands of the role.

“My number one goal is skills-based hiring in the department,” Gorak said. “I don’t care what your occupational series is. I don’t care what your [Military Occupational Specialty] is. I care about what you do and if you’re qualified to do it.”

The shift comes amid rapid technological change, particularly in artificial intelligence. The official noted that the department is updating its work roles and the associated knowledge, skills, abilities, and tasks (KSATs) every 90 days to keep pace with evolving cyber threats and tools. The use of AI is being encouraged within the workforce, with Gorak acknowledging that many federal employees have yet to adopt such technologies in their daily work.

“Right now, AI is exponentially increasing,” he said. “Every month, right now, we’re changing our AI capabilities. We have to keep up.”

The department’s approach also involves collaboration with industry, academia, and other government partners. Gorak, who now leads the newly established Cyber Academic Engagement Office, underscored the need for a broad coalition to address the workforce gap.

“Congress gave me a task. I appointed a director. I don’t have funding, I don’t have resources, I don’t have people,” he said. “I firmly believe we need industry, academia, civilians and military to solve our challenges.”

The post DOD official: We need to drop the cybersecurity talent hiring window to 25 days appeared first on CyberScoop.

FBI cyber division cuts under President Donald Trump will reduce personnel there by half, a top Democratic senator warned Tuesday, while FBI Director Kash Patel countered that arrests and convictions have risen under the Trump administration.

A contentious Senate Judiciary Committee hearing dominated by clashes over political violence, Patel’s leadership and accusations about the politicization of the bureau nonetheless saw senators probing the FBI’s performance on cybersecurity.

“My office received information that cuts to the bureau’s cyber division will cut personnel by half despite the ever-increasing threat posed by adverse foreign actors,” said Illinois Sen. Dick Durbin, the top Democrat on the panel. The Trump administration has proposed a $500 million cut for the FBI in fiscal 2026.

Sen. Alex Padilla, D-Calif., said that as the FBI has shifted personnel toward immigration and politically motivated investigations like the Tesla task force, it has undercut other missions. “It has an impact on other priorities, like nation-state threats and ransomware investigations,” he said.

Padilla was one of several Senate Democrats, like Cory Booker of New Jersey and Mazie Hirono of Hawaii, who said the FBI’s cyber mission was suffering because its personnel were being directed elsewhere.

Patel told Hirono that the FBI’s cyber branch was one of the bureau’s “most impressive” units, and that it had made 409 arrests, a 42% increase compared to the same period last year, and garnered 169 convictions.

As Padilla questioned him about the FBI’s mission to protect against election interference and the Justice Department ending the Foreign Influence Task Force, Patel answered that the FBI did not “in any way divert or reallocate resources from that critical mission set.” He said it was still working on it through its cyber programs, which had seen a “40, 50, 60%” increase in arrests in cyber threat cases involving critical infrastructure and interference with elections.

Patel said he hadn’t shifted any resources away from any critical missions like terrorism toward things like Tesla vandalism or sending federal personnel to cities like Washington, D.C. “They never left their primary job,” he said. “It is a surge in law enforcement.”

Hirono asked Patel to say who had replaced top officials who had exited the cyber division, but he said only that they were “supremely qualified individuals” and wouldn’t give their names “so you can attack them.” Hirono replied, “you don’t know” when he wouldn’t say who they were.

More broadly, Patel said the FBI was taking the fight to Chinese threat groups like Salt Typhoon and Volt Typhoon, and going after ransomware and malware attackers.

Sen. Amy Klobuchar, D-Minn., said she was concerned about a rise in artificial intelligence-generated election interference, including materials directed at her. Patel said the FBI was looking into it, but that the culprits appeared to be “loose groups overseas, without any central cluster.”

The post Senators, FBI Director Patel clash over cyber division personnel, arrests appeared first on CyberScoop.

A top official at the Cybersecurity and Infrastructure Security Agency on Thursday rejected concerns that personnel and program cuts at CISA have hindered its work.

Nick Andersen, who just began serving as executive assistant director of cybersecurity at CISA this month, said he’s seen the agency function at a high level from both the outside and inside.

“There’s been an awful lot of reporting recently about CISA and the potential for degraded operational capabilities, and I’m telling you, nothing can be further from the truth,” he said at the Billington Cybersecurity Summit. “It is just a fantastic opportunity to see the high-level output and throughput that this team has.

“There is not a single instance where I can think of that somebody reaches out — whether it’s in our remit or not, we are connecting them with the right level of resources, and we are helping them to make themselves right, whether it’s incidents that we see affecting a state/local partner, small- or medium-sized businesses or the largest critical infrastructure owner/operators,” he continued.

The Trump administration has cut or plans to cut more than 1,000 personnel at the agency, a third of its total full-time employees, and has sought nearly half a billion dollars in funding reductions.

CISA’s shuttering of an array of programs has drawn widespread criticism from many in industry as well as from state and local governments who have partnered with the agency, not to mention concerns from Capitol Hill.

But Andersen said CISA has full support from President Donald Trump, who clashed with agency leadership in his first term, and Department of Homeland Security Secretary Kristi Noem.

“We have exceedingly strong relationships with” other government agencies and the private sector, Andersen touted. “The level of commitment within this team is second to none, and we’re just going to continue to hone and focus [on] that operational mission of what CISA should be delivering on. We’re going to continue to sort of separate out the fluff, but we are going to take every single dollar, every single resource, every single manpower hour to deliver an even sharper focus on those core capabilities in keeping with what President Trump identified as our administration priorities.”

Those priorities, Andersen said, include fortifying federal networks. “Raising the collective bar across the dot gov is a big one,” he said.

It also includes strengthening relationships with critical infrastructure owners and operators. “We want to be able to work very closely with our critical infrastructure partners on focused resilience efforts, be able to raise the bar in a sprint between now and 2027 as we prepare for the potential of China making good on its promise … to take Taiwan,” he said, so that “our critical infrastructure is not going to be held hostage.”

And it includes strengthening partnerships with other federal agencies as well as state and local governments, Andersen said.

The post CISA work not ‘degraded’ by Trump administration cuts, top agency official says appeared first on CyberScoop.

Nicholas Andersen is taking over a top leadership role at the Cybersecurity and Infrastructure Security Agency, CISA announced Tuesday.

He will become executive assistant director of cybersecurity at the agency in a role that’s seen swift turnover in the past year. It’s a position that has, in the past, led CISA efforts on protecting federal civilian agency networks and protecting critical infrastructure against cyber threats.

Andersen is a veteran of the first Trump administration, where from 2019 to 2021 he served in the Department of Energy’s Cybersecurity, Energy Security and Emergency Response division as both the principal deputy assistant secretary and performed the duties of assistant secretary.

Andersen most recently worked as president and chief operating officer at Invictus International Consulting, a firm that bills itself as “a full-spectrum cyber company that fuses data science and intelligence to deliver advanced technological and analytical solutions required for our national defense.”

He fills a role previously announced for Karen Evans early in Trump’s second term, before she departed shortly after for a nomination as undersecretary for management at the Department of Homeland Security and then shifting over to the Federal Emergency Management Agency. Chris Butera has been serving in the role as acting executive assistant director since, and will now assume the role of acting deputy executive assistant director.

Eric Goldstein was previously in Andersen’s role for nearly four years under President Joe Biden before leaving in the summer of 2024. Jeff Greene replaced him until Trump took office.

“I am honored to have the opportunity to join CISA and the trust placed in me by President Donald Trump and Secretary Kristi Noem,” Andersen said in a news release. “Having led organizations in both the public and private sectors, I deeply appreciate the vital role a robust cyber defense agency plays in securing our nation’s critical infrastructure. My career has been dedicated to defending America, and I look forward to continuing that mission at CISA.”

Acting CISA Director Madhu Gottumukkala said Andersen’s “broad experience across business, government, and technology uniquely positions him to strengthen our engagement with critical infrastructure partners, helping them better assess risk and elevate their security posture. I look forward to working with him as we advance our mission and safeguard the resilience of our nation during this pivotal time.”

Andersen’s first day was Tuesday.

The post CISA taps Nicholas Andersen for executive assistant director of cybersecurity appeared first on CyberScoop.

The top lawmakers on a key House cybersecurity panel are hoping to remove a barrier to entry for cyber jobs in the federal government.

Introduced this week, the Cybersecurity Hiring Modernization Act from Reps. Nancy Mace, R-S.C., and Shontel Brown, D-Ohio, would prioritize skills-based hiring over educational requirements for cyber jobs at federal agencies. 

Mace and Brown — the chair and ranking member of the House Oversight Cybersecurity, Information Technology, and Government Innovation Subcommittee, respectively — said the legislation would ensure the federal government has access to a “broader pool of qualified applicants” as the country faces “urgent cybersecurity challenges.”

“As cyber threats against our government continue to grow, we need to make sure our federal agencies hire the most qualified candidates, not just those with traditional degrees,” Mace said in a press release Thursday. “This bill cuts red tape, opens doors to skilled Americans without a four-year diploma but with the expertise to get the job done, and strengthens our nation’s cybersecurity workforce.”

Brown said in a statement that expanding the cyber workforce is “imperative” to “meet our nation’s growing need for safe and secure systems.” The bill aims to “remove outdated hiring policies, expand workforce opportunities to a wider pool of talented applicants, and help agencies hire the staff that they need,” she added. 

The bill calls on the Office of Personnel Management to annually publish any education-related changes that are made to minimum qualification requirements for federal cyber roles. OPM would also be charged with aggregating data on educational backgrounds of new hires for those cyber positions.  

Agencies would still be permitted to include minimum education requirements for cyber jobs, but “only if a minimum education qualification is required by law to perform the duties of the position in the State or locality where the duties of the position are to be performed,” per the bill text. Education can be considered if that schooling “directly reflects the competencies necessary to satisfy that qualification and perform the duties of the position.”

Easing education requirements for federal cyber contracting jobs was a priority for Harry Coker, the Biden administration’s national cyber director, and other legislation in recent years has also attempted to address the issue. 

Mace has also tried in the past to scrap minimum education requirements on federal cybersecurity jobs, introducing the Modernizing the Acquisition of Cybersecurity Experts Act in 2023. The bill passed the House but stalled out in the Senate.

The post House lawmakers take aim at education requirements for federal cyber jobs appeared first on CyberScoop.

Two executive orders President Donald Trump has signed in recent months could prove to have a more dramatic impact on cybersecurity than first thought, for better or for worse.

Overall, some of Trump’s executive orders have been more about sending a message than spurring lasting change, as there are limits to their powers. Specifically, some of the provisions of the two executive orders with cyber ramifications — one from March on state and local preparedness generally, and one from June explicitly on cybersecurity — are more puzzling to cyber experts than anything else, while others preserve policies of the prior administration which Trump has criticized in harsh terms. Yet others might fall short of the orders’ intentions, in practice.

But amid the flurry of personnel changes, budget cuts and other executive branch activity in the first half of 2025 under Trump, the full scope of the two cyber-related executive orders might have been somewhat overlooked. And the effects of some of those orders could soon begin coming to fruition as key top Trump cyber officials assume their posts.

The Foundation for Defense of Democracies’ Mark Montgomery said the executive orders were “more important” than he originally understood, noting that he “underestimated” the March order after examining it more closely. Some of the steps would be positive if fully implemented, such as the preparedness order’s call for the creation of a national resilience strategy, he said.

The Center for Democracy & Technology said the June order, which would unravel some elements of executive orders under presidents Joe Biden and Barack Obama, would have a negative effect on cybersecurity.

“Rolling back numerous provisions focused on improving cybersecurity and identity verification in the name of preventing fraud, waste, and abuse is like claiming we need safer roads while removing guardrails from bridges,” said the group’s president, Alexandra Reeve Givens. “The only beneficiaries of this step backward are hackers who want to break into federal systems, fraudsters who want to steal taxpayer money from insecure services, and legacy vendors who want to maintain lucrative contracts without implementing modern security protections.”

The big changes and the in-betweens

Perhaps the largest shift in either order is the deletion of a section of an executive order Biden signed in January on digital identity verification that was intended to fight cybercrime and fraud. In undoing the measures in that section, the White House asserted that it was removing mandates “that risked widespread abuse by enabling illegal immigrants to improperly access public benefits.”

One critic, speaking on condition of anonymity to discuss the changes candidly, said “there’s not a single true statement or phrase or word in” the White House’s claim. The National Security Council did not respond to requests for comment on the order.

Some, though, such as Nick Leiserson of the Institute for Security and Technology, observed that the digital identities language in the Biden order was among the “weakest” in the document, since it only talked about how agencies should “consider” ways to accept digital identities.

The biggest prospective change in the March order was a stated shift for state and local governments to handle disaster preparedness, including for cyberattacks, a notion that drew intense criticism from cyber experts at the time who said states don’t have the resources to defend themselves against Chinese hackers alone. But that shift could have bigger ripples than originally realized.

Errol Weiss, chief security officer at the Health-ISAC, an organization devoted to exchanging threat information in the health sector, said that as the Cybersecurity and Infrastructure Security Agency has scaled back the free services it offers like vulnerability scanning, states would hypothetically have to step into that gap to aid entities like the ones Weiss serves. “If that service goes away, and pieces of it probably already have, there’s going to be a gap there,” he said.

Some of the changes from the March order might only be realized now that the Senate has confirmed Sean Cairncross as national cyber director, or after the Senate takes action on Sean Plankey to lead CISA, said Jim Lewis, a fellow at the Center for European Policy Analysis.

For instance: The order directs a review of critical infrastructure policy documents, including National Security Memorandum 22, a rewrite of a decade-old directive meant to foster better threat information sharing and respond to changing threats. There are already signs the administration plans to move away from that memorandum, a development that a Union of Concerned Scientists analyst said was worrisome, but critics of the memo such as Montgomery said a do-over could be a good thing.

Most of the other biggest potential changes, however, are in the June order. This is a partial list:

• It eliminates a requirement under the January Biden order that government vendors provide certifications about the security of their software development to CISA for review. “I just don’t think that you can play the whole, ‘We care about cyber,’ and, ‘Oh, by the way, this incredible accountability control? We rolled that back,’” said Jake Williams, director of research and development at Hunter Strategy.
• It removes another January Biden order requirement that the National Institute of Standards and Technology develop new guidance on minimum cybersecurity practices, thought to be among that order’s “most ambitious prescriptions.”
• It would move CISA in the direction of implementing a “no-knock” or “no-notice” approach to hunting threats within federal agencies, Leiserson noted.
• It strikes language saying that the internet data routing rules known as Border Gateway Protocol are “vulnerable to attack and misconfiguration,” something Williams said might ease pressure on internet service providers to make improvements. “The ISPs know it’s going to cost them a ton to address the issue,” he said.
• It erases a requirement from the Biden order that contained no deadline, but said that federal systems must deploy phishing-resistant multi-factor authentication. 
• It deletes requirements for pilot projects stemming from the Defense Advanced Research Projects Agency-led Artificial Intelligence Cyber Challenge. DARPA recently completed its 2025 challenge, awarding prize money at this year’s DEF CON cybersecurity conference.
• It says that “agencies’ policies must align investments and priorities to improve network visibility and security controls to reduce cyber risks,” a change security adviser and New York University adjunct professor Alex Sharpe praised.

Some of the changes led to analysts concluding, alternatively, a continuation or rollback of directives from the January Biden executive order on things like federal agency email encryption or post-quantum cryptography.

The head-scratchers and the mysteries

Some of the moves in the June order perplexed analysts.

One was specifying that cyber sanctions must be limited, in the words of a White House fact sheet, “to foreign malicious actors, preventing misuse against domestic political opponents and clarifying that sanctions do not apply to election-related activities.” The Congressional Research Service could find no indication that cyber sanctions had been used domestically, and said the executive order appears to match prior policy.

Another is the removal of the NIST guidance on minimum cybersecurity practices. “If you’re trying to deregulate, why kill the effort to harmonize the standards?” Sharpe asked. 

Yet another is deletion of a line from the January Biden order to the importance of open-source software. “This is a bit puzzling, as open source software does underlie almost all software, including federal systems,” Leiserson wrote (emphasis his).

Multiple sources told CyberScoop it’s unclear who wrote the June order and whom they consulted with in doing so. One source said some agency personnel complained about the lack of interagency vetting of the document. Another said Alexei Bulazel, the NSC director of cyber, appeared to have no role in it.

Another open question is how much force will be put behind implementing the June order.

It loosens the strictness with which agencies must carry out the directives it lays out, at least compared with the January Biden order. It gives the national cyber director a more prominent role in coordination, Leiserson said. And it gives CISA new jobs.

“Since President Trump took office — and strengthened by his Executive Order in June — CISA has taken decisive action to bolster America’s cybersecurity, focusing on critical protections against foreign cyber threats and advancing secure technology practices,” said Marci McCarthy, director of public affairs for CISA.

California Rep. Eric Swalwell, the top Democrat on the House Homeland Security Committee’s cyber subpanel, told CyberScoop he was skeptical about what the June executive order signalled about Trump’s commitment to cybersecurity.

“The President talks tough on cybersecurity, but it’s all for show,” he said in a statement. “He signed the law creating CISA and grew its budget, but also rolled back key Biden-era protections, abandoned supply chain efforts, and drove out cyber experts. CISA has lost a third of its workforce, and his FY 2026 budget slashes its funding …

“Even if his cyber and AI goals are sincere, he’s gutted the staff needed to meet them,” Swalwell continued. “He’s also made the government less secure by giving unvetted allies access to sensitive data. His actions don’t match his words.”

Montgomery said there was a contradiction between the June order giving more responsibilities to agencies like NIST while the administration was proposing around a 20% cut to that agency, and the March order shifting responsibilities to state and local governments without giving them the resources to handle it.

A WilmerHale analysis said that as the administration shapes cyber policy, the June order “signals what that approach is likely to be: removing requirements perceived as barriers to private sector growth and expansion while preserving key requirements that protect the U.S. government’s own systems against cyber threats posed by China and other hostile foreign actors.”

For all of the changes it could make, analysts agreed the June order does continue a fair number of Biden administration policies, like commitments to the Cyber Trust Mark labeling initiative, space cybersecurity policy and requirements for defense contractors to protect sensitive information.

Some of those proposals didn’t get very far before the changeover from Biden to Trump. But it might be easier for the Trump administration to achieve its goals.

“It’s hard to say the car is going in the wrong direction when they haven’t started the engine,” Lewis said. “These people don’t have the same problem, this current team, because they’re stripping stuff back. They’re saying, ‘We’re gonna do less.” So it’s easier to do less.”

The post The overlooked changes that two Trump executive orders could bring to cybersecurity appeared first on CyberScoop.

Sean Cairncross took his post this week as national cyber director at what many agree is a “pivotal” time for the office, giving him a chance to shape its future role in the bureaucracy, tackle difficult policy issues, shore up industry relations and take on key threats.

The former White House official, Republican National Committee leader and head of a federal foreign aid agency became just the third Senate-confirmed national cyber director at an office (ONCD) that’s only four years old. He’s the first person President Donald Trump has assigned to the position after the legislation establishing it became law at the end of his first term.

Two people — House Homeland Security Chairman Andrew Garbarino, R-N.Y., and Adam Meyers, senior vice president of counter adversary operations at CrowdStrike — specifically used the word “pivotal” to describe this moment for Cairncross and his office, while others said as much in other ways.

“It’s a new organization, and with any new organization, you’ve got to build up the muscle memory of how ONCD fits into the interagency process and what it means to set a unified national cybersecurity agenda, the language the director was using in his nomination hearing,” Nicholas Leiserson, a former assistant national cyber director under President Joe Biden who worked on the legislation to create the office as a Hill staffer, told CyberScoop. “We need to make sure that ONCD is the center of the policymaking apparatus. … That is going to be critical to his success.”

Brian Harrell, a former infrastructure protection official at the Deparment of Homeland Security and the Cybersecurity and Infrastructure Security Agency in Trump’s first term, said that with personnel reductions at CISA and change elsewhere, Cairncross has a big opportunity.

“ONCD must be seen as the air traffic controller on all things cyber moving forward,” he said via email. “Given the agency rebuild happening at CISA, and new leadership at FBI and NSA cyber, now is the time to build influence and patch struggling relationships. Add to this, a private sector that is unsure where to turn to during a crisis … Sean must be seen as a convener and facilitator to get the President the right information to make key decisions.”

On the policy front, Leiserson, now senior vice president for policy at the Institute for Security and Technology, said Cairncross has a great opportunity to work through the thicket of federal cybersecurity regulations and disentangle them in a harmonization effort that began under Biden and has bipartisan support. Some seasoned staffers who worked on the issue then remain in the federal government, Leiserson said.

Garbarino also brought up harmonization in a written statement as an issue he wants to see Cairncross address, along with leading the charge renewing the 2015 threat data sharing law known as the Cybersecurity Information Sharing Act, set to expire next month. Jason Oxman, president of the Information Technology Industry Council, said in a press release congratulating Cairncross that renewal of that law was “essential to help ONCD achieve its cybersecurity mission.”

USTelecom President and CEO Jonathan Spalter said enhancing the government’s relationship with the private sector, a subject Cairncross brought up in his confirmation hearing, was also vital. Dave DeWalt, CEO of NightDragon, a venture capital and advisory firm, said of Cairncross in a statement to CyberScoop: “I know that under his leadership, public-private partnership will continue to strengthen and secure our future.”

Those policy challenges, as well as the challenges of strengthening the national cyber director’s standing within the federal government and fortifying the public-private partnership, go hand-in-hand with the threats Cairncross will have to confront.

“The mission of the Office of the National Cyber Director has never been more critical: advancing a unified, strategic, and forward-leaning approach to the cyber threats facing our increasingly digital society,” Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University and a former member of the Cyberspace Solarium Commission that recommended that Congress create the office, said in a written statement.

Leiserson said threats like the Chinese hackers known as Salt Typhoon penetrating telecommunications networks surely would be at the forefront of Cairncross’s concerns — a threat Cairncross brought up at his confirmation hearing. Harrell mentioned the looming possibility of a Chinese attack on Taiwan.

Oxman raised the threats to U.S. critical infrastructure and the supply chain. CrowdStrike’s Meyers, in a statement to CyberScoop, said the pivotal moment of Cairncross’s confirmation comes as “threat actors weaponize AI and the threat landscape continues to evolve at machine speed.”

Cairncross comes into the job with far less cybersecurity experience than many who have held federal cyber leadership posts. And he comes in with other potential disadvantages, too. At his nomination hearing, Sen. Elissa Slotkin, D-Mich., pointed to deep budget cuts at CISA, telling Cairncross that “you will oversee the single biggest cut in federal cybersecurity dollars.”

But Leiserson said it was encouraging that Trump’s fiscal 2026 budget proposal would keep funding for the Office of the National Cyber Director pretty level.

There are other reasons to be optimistic about the view from federal leaders on the office, too, some pointed out. Cilluffo noted that the 59-35 vote for Cairncross in the Senate suggested some bipartisan support. Leiserson observed that Cairncross was one of the few nominees to escape the nominee backlog in the Senate before lawmakers went on recess.

As for his relative lack of cyber experience, Cairncross has talked about surrounding himself with the right people, Leiserson said.

“You want the unicorns who are incredibly politically astute and who have very deep cyber knowledge,” he said. “These people are hard to come by. We’ve had real cyber experts on the job. Now we’ve got someone who … is going to have an easy time navigating the West Wing. That is a skill set that is vital for running a White House organization, and shouldn’t be discounted.”

The post New National Cyber Director Cairncross faces challenges on policy, bureaucracy, threats appeared first on CyberScoop.

The Senate voted to confirm Sean Cairncross as national cyber director Saturday, giving the Trump administration one of its top cyber officials after a more than five-month process.

The vote was 59-35.

President Donald Trump nominated Cairncross on Feb. 12. The Senate Homeland Security and Governmental Affairs Committee held a hearing on his nomination in early June, then voted to advance him that same month.

“I want to thank President Trump for this opportunity. It is an incredible honor to serve our country and this President as the National Cyber Director,” Cairncross said in a written statement. “As the cyber strategic environment continues to evolve, we must ensure our policy efforts and capabilities deliver results for our national security and the American people. The United States must dominate the cyber domain through strong collaboration across departments and agencies, as well as private industry. Under President Trump’s leadership, we will enter a new era of effective cybersecurity policy.”

At his hearing, Cairncross said he’d be focused on policy coordination. He fielded questions from senators about his lack of cyber experience, the biggest cyber threats, cuts to federal cybersecurity personnel and more.

Cairncross has held leadership positions inside and outside of government where there’s been a tenuous connection to cybersecurity. He served as CEO of the Millennium Challenge Corporation, a foreign aid agency, in the first Trump administration, along with roles in the White House. He’s also a former top official at the Republican National Committee.

Despite that, Cairncross has the vocal support of a number cyber experts and past government cyber officials

The Senate vote on Cairncross slots one more cyber leader into the Trump administration.  Alexei Bulazel has taken the job of top cyber official with the White House’s National Security Council, and Brett Leatherman is in the top cyber position at the FBI.

Trump has nominated Sean Plankey to serve as director of the Cybersecurity and Infrastructure Security Agency, and the Senate Homeland Security and Governmental Affairs Committee voted 9-6 last week to move his vote to the floor, although Sen. Ron Wyden, D-Ore., has placed a hold on the nomination pending the release of a telecommunications cybersecurity report.

Trump has displaced the joint head of U.S. Cyber Command and the National Security Agency, and hasn’t settled yet on who will take over.

There’s a backlog of Trump nominees that Cairncross got caught up in prior to the floor vote Saturday.

Updated, 8/3/25: to include statement from Cainrcross.

The post Senate confirms national cyber director pick Sean Cairncross appeared first on CyberScoop.

Sean Plankey’s path to leading the Cybersecurity and Infrastructure Security Agency might have one obstacle set to be cleared for removal.

With the Senate Homeland Security and Governmental Affairs Committee scheduled to hold a vote on his nomination for CISA director Wednesday, the next and final step for Plankey pending approval from the panel would be getting a full Senate vote — something Sen. Ron Wyden, D-Ore., has vowed to block until the agency publicly releases a report on telecommunications network vulnerabilities.

CISA said Tuesday that it would, in fact, release that report.

“CISA intends to release the U.S. Telecommunications Insecurity Report (2022) that was developed but never released under the Biden administration in 2022, with proper clearance,” Marci McCarthy, director of public affairs at the agency, said in an emailed statement. “CISA has worked with telecommunications providers before, during, and after Salt Typhoon — sharing timely threat intelligence, providing technical support and continues to have close collaboration with our federal partners to safeguard America’s communications infrastructure.”

The agency didn’t say when it would release the report, or what “proper clearance” entailed.

CISA’s statement came shortly after Senate passage of legislation — without objections from any senator — that would require the release of the report within 30 days of enactment. The House would still have to pass the bill to send it to President Donald Trump for a signature.

In a floor speech Monday, Wyden said “Congress and the American people deserve to read this report. It includes frankly shocking details about national security threats to our country’s phone system that require immediate action.

“CISA’s multi-year cover-up of the phone companies’ negligent cybersecurity enabled foreign hackers to perpetrate one of the most serious cases of espionage — ever — against our country,” he continued. “Had this report been made public when it was first written in 2022, Congress would have had ample time to require mandatory cybersecurity standards for phone companies, in time to prevent the Salt Typhoon hacks.”

A spokesperson for Wyden said Tuesday that no one from the office has heard from CISA on its plans for the report “that I know of.”

The government’s response to Salt Typhoon, and the industry’s handling of its vulnerabilities, have drawn some outside criticism. Government agencies have rejected some of those complaints while acknowledging others.

The Senate Homeland Security and Governmental Affairs Committee held a hearing on the nomination of Plankey last week, where he talked about his priorities for the agency but also drew fire from a Democratic senator over his views on election manipulation in past and future races.

The post CISA says it will release telecom security report sought by Sen. Wyden to lift hold on Plankey nomination appeared first on CyberScoop.

President Donald Trump’s pick to lead the Cybersecurity and Information Security Agency told senators Thursday that he would prioritize evicting China from the U.S. supply chain, and wouldn’t hesitate to ask for more money for the shrunken agency if he thought it needed it.

“If confirmed it will be a priority of mine to remove all Chinese intrusions, exploitations or infestation into the American supply chain,” Sean Plankey told Rick Scott, R-Fla., at his confirmation hearing before the Homeland Security and Governmental Affairs Committee. Scott had asked Plankey about reports of Chinese infiltration of U.S. energy infrastructure.

Should he be confirmed for the role, Plankey is set to arrive at an agency that has had its personnel and budget slashed significantly under Trump, a topic of concern for Democratic senators including the ranking member on the panel vetting him, Gary Peters of Michigan. Peters asked how he’d handle the smaller CISA he’s inherited while still having a range of legal obligations to fulfill.

“One of the ways I’ve found most effective when you come in to lead an organization is to allow the operators to operate,” Plankey said. “If that means we have to reorganize in some form or fashion, that’s what we’ll do, I’ll lead that charge. If that means we need a different level of funding than we currently have now, then I will approach [Department of Homeland Security Secretary Kristi Noem], ask for that funding, ask for that support.”

Under questioning from Sen. Richard Blumenthal, D-Conn., about whether he believed the 2020 election was rigged or stolen, Plankey, like other past Trump nominees, avoided answering “yes” or “no.” 

At first he said he hadn’t reviewed any cybersecurity around the 2020 election. He then said, “My opinion on the election as an American private citizen probably isn’t relevant, but the Electoral College did confirm President Joe Biden.” 

Blumenthal pressed him, saying his office was supposed to be above politics, and asked what Plankey would do if Trump came to him and falsely told him the 2026 or 2028 elections were rigged. 

“That’s like a doctor who’s diagnosing someone over the television because they saw them on the news,” Plankey answered.

Chairman Rand Paul, R-Ky., rebutted Blumenthal, saying “CISA has nothing to do with the elections.” But Sen. Josh Hawley, R-Mo., later asked Plankey about CISA’s “important” role in protecting election infrastructure, and asked how he would make the line “clear” between past CISA disinformation work that Republicans have called censorship and cybersecurity protections.

Plankey answered that Trump has issued guidance on the protection of election security infrastructure like electronic voting machines, and it’s DHS’s job “to ensure that it is assessed prior to an election to make sure there are no adversarial actions or vulnerabilities in it,” something he’d focus on if Noem tasked CISA with the job.

Plankey said he would not engage in censorship — something his predecessors staunchly denied doing — because “cybersecurity is a big enough problem.” His focus would be on defending federal networks and critical infrastructure, he said. To improve federal cybersecurity, he said he favored “wholesale” revamps of federal IT rather than smaller fixes.

The Center for Democracy and Technology said after Plankey’s hearing it was concerned about how CISA would approach election security.

“CISA has refused to say what its plans are for the next election, and election officials across the country are flying blind,” said Tim Harper, senior policy analyst on elections and democracy for the group. “If CISA is abandoning them, election officials deserve to know so they can make plans to protect their cyber and physical infrastructure from nation-state hackers. Keeping them in the dark only helps bad actors.”

Plankey indicated support for the expiring State and Local Cybersecurity Grant Program, as well as the expiring 2015 Cybersecurity and Information Sharing Act, both of which are due to sunset in September.

Paul told reporters after the hearing that he planned to have a markup of a renewal of the 2015 information sharing law before the September deadline, with language added to explicitly prohibit the Cybersecurity and Infrastructure Security Agency from any censorship.

Plankey’s nomination next moves to a committee vote, following an 11-1 vote last month to advance the nomination of Sean Cairncross to become national cyber director. Plankey’s nomination would have another hurdle to overcome before a Senate floor vote, as Sen. Ron Wyden, D-Ore., has placed a hold on the Plankey pick in a bid to force the administration to release an unclassified report on U.S. phone network security.

“The Trump administration might not have been paying attention, so I’ll say it again: I will not lift my hold on Mr. Plankey’s nomination until this report is public. It’s ridiculous that CISA seems more concerned with covering up phone companies’ negligent cybersecurity than it is with protecting Americans from Chinese hackers,” Wyden said in a statement to CyberScoop. “Trump’s administration won’t act to shore up our dangerously insecure telecom system, it hasn’t gotten to the bottom of the Salt Typhoon hack, and it won’t even let Americans see an unclassified report on why it’s so important to put mandatory security rules in place for phone companies.”

The post Plankey vows to boot China from U.S. supply chain, advocate for CISA budget appeared first on CyberScoop.