CISA Replaces Acting Director After Tumultuous Year

Bill Thompson
By Bill Thompson
News
5 Min Read

The Cybersecurity and Infrastructure Security Agency has replaced acting director Madhu Gottumukkala after a rocky tenure that frustrated staff and alarmed policymakers, according to multiple reports. ABC News first reported the leadership change, which comes as the nation’s lead civilian cyber agency confronts escalating threats and an extended vacancy in its top, Senate-confirmed role.

Why the Leadership Shake-Up at CISA Happened This Year

Gottumukkala’s year at the helm was marred by operational missteps and internal turmoil, current and former officials say. Among the most serious allegations: the improper uploading of sensitive government documents into ChatGPT, an incident that triggered security reviews and trust concerns inside the agency. The workforce also reportedly shrank by roughly one-third during his tenure, a steep contraction for an agency that has struggled to recruit and retain scarce cyber talent.

Table of Contents
A man in a blue suit with a mustache, holding a pencil to his chin, looking down thoughtfully.

Compounding matters, Gottumukkala is said to have failed a counterintelligence polygraph required for access to certain classified materials, then suspended several career officials in the aftermath, including the agency’s chief security officer, according to people familiar with the matter. The cumulative effect was a year of distraction when agencies and critical infrastructure operators needed CISA’s guidance most.

Before joining CISA as deputy director, Gottumukkala served as South Dakota’s chief technology officer under then-governor and current Homeland Security Secretary Kristi Noem. That résumé raised questions among some career staff about federal readiness and continuity—questions that grew louder as crises stacked up.

Who Steps In at CISA Now and What Immediate Changes Follow

Andersen, who previously led CISA’s cybersecurity division, is stepping in as acting director, according to people with knowledge of the move. That background suggests an immediate pivot back to core blocking-and-tackling: incident response, vulnerability management, and rapid advisories through programs like the Known Exploited Vulnerabilities catalog and the Joint Cyber Defense Collaborative.

Early priorities are expected to center on rebuilding trust with agency partners, stabilizing the workforce, and restoring normal governance processes after a turbulent year. CISA’s operational tempo—coordinating interagency responses, issuing binding directives, and advising critical infrastructure—depends on clear chains of command and credible technical leadership.

A Lingering Vacancy at CISA’s Top Post and What It Means

CISA still lacks a Senate-confirmed director. The administration has tapped Sean Plankey for the role, but the nomination awaits a hearing. Senator Ron Wyden previously held up Plankey’s nomination, pressing for the release of an unclassified report allegedly detailing systemic cybersecurity weaknesses at major telecom providers after a wave of intrusions by the China-linked group dubbed Salt Typhoon. Until the Senate acts, CISA remains reliant on interim leadership amid high-stakes operations.

A close-up of a message input field with Message ChatGPT as a placeholder, and a Search button with a globe icon, all set against a soft blue gradient background.

The leadership churn extends beyond the front office. Nextgov reported that Bob Costello, CISA’s chief information officer, departed after a failed attempt by Gottumukkala to reassign him—an effort reportedly blocked by political appointees. CIO continuity is not cosmetic at CISA; it underpins the very IT systems that deliver advisories, telemetry sharing, and interagency coordination.

Why Stability at CISA Matters Now for Federal Cybersecurity

Federal civilian agencies are still executing zero trust mandates from the Office of Management and Budget and closing gaps spotlighted by recent supply-chain and cloud identity incidents. CISA’s guidance—through binding operational directives, emergency directives, and sector alerts—drives patching priorities and architecture decisions across the government and critical infrastructure.

The Government Accountability Office has kept federal cybersecurity on its High-Risk List for decades, citing persistent weaknesses in access controls, incident detection, and vendor risk. Against that backdrop, leadership clarity is not a nicety; it is a prerequisite for consistent execution and credible engagement with industry, state and local partners, and international allies.

What to Watch Next as CISA Seeks to Regain Stability and Focus

Key markers of a course correction will include a hiring rebound, a return to predictable governance and risk processes, and renewed momentum on agency-wide patching campaigns. Observers will also watch whether CISA accelerates publication of technical advisories and repeatable playbooks—particularly around identity security, third-party risk, and the exploitation of widely used edge devices.

Ultimately, the handover to Andersen is a bid to stop the bleeding while the Senate weighs a permanent leader. If CISA can quickly restore discipline and tempo, the agency can refocus on what it exists to do: help agencies and critical infrastructure prepare for, detect, and blunt the next wave of intrusions—not manage the fallout of its own.

Bill Thompson
ByBill Thompson
Bill Thompson is a veteran technology columnist and digital culture analyst with decades of experience reporting on the intersection of media, society, and the internet. His commentary has been featured across major publications and global broadcasters. Known for exploring the social impact of digital transformation, Bill writes with a focus on ethics, innovation, and the future of information.
Latest News