The Cybersecurity and Infrastructure Security Agency has replaced acting director Madhu Gottumukkala after a rocky tenure that frustrated staff and alarmed policymakers, according to multiple reports. ABC News first reported the leadership change, which comes as the nation’s lead civilian cyber agency confronts escalating threats and an extended vacancy in its top, Senate-confirmed role.
Why the Leadership Shake-Up at CISA Happened This Year
Gottumukkala’s year at the helm was marred by operational missteps and internal turmoil, current and former officials say. Among the most serious allegations: the improper uploading of sensitive government documents into ChatGPT, an incident that triggered security reviews and trust concerns inside the agency. The workforce also reportedly shrank by roughly one-third during his tenure, a steep contraction for an agency that has struggled to recruit and retain scarce cyber talent.
Compounding matters, Gottumukkala is said to have failed a counterintelligence polygraph required for access to certain classified materials, then suspended several career officials in the aftermath, including the agency’s chief security officer, according to people familiar with the matter. The cumulative effect was a year of distraction when agencies and critical infrastructure operators needed CISA’s guidance most.
Before joining CISA as deputy director, Gottumukkala served as South Dakota’s chief technology officer under then-governor and current Homeland Security Secretary Kristi Noem. That résumé raised questions among some career staff about federal readiness and continuity—questions that grew louder as crises stacked up.
Who Steps In at CISA Now and What Immediate Changes Follow
Andersen, who previously led CISA’s cybersecurity division, is stepping in as acting director, according to people with knowledge of the move. That background suggests an immediate pivot back to core blocking-and-tackling: incident response, vulnerability management, and rapid advisories through programs like the Known Exploited Vulnerabilities catalog and the Joint Cyber Defense Collaborative.
Early priorities are expected to center on rebuilding trust with agency partners, stabilizing the workforce, and restoring normal governance processes after a turbulent year. CISA’s operational tempo—coordinating interagency responses, issuing binding directives, and advising critical infrastructure—depends on clear chains of command and credible technical leadership.
A Lingering Vacancy at CISA’s Top Post and What It Means
CISA still lacks a Senate-confirmed director. The administration has tapped Sean Plankey for the role, but the nomination awaits a hearing. Senator Ron Wyden previously held up Plankey’s nomination, pressing for the release of an unclassified report allegedly detailing systemic cybersecurity weaknesses at major telecom providers after a wave of intrusions by the China-linked group dubbed Salt Typhoon. Until the Senate acts, CISA remains reliant on interim leadership amid high-stakes operations.
The leadership churn extends beyond the front office. Nextgov reported that Bob Costello, CISA’s chief information officer, departed after a failed attempt by Gottumukkala to reassign him—an effort reportedly blocked by political appointees. CIO continuity is not cosmetic at CISA; it underpins the very IT systems that deliver advisories, telemetry sharing, and interagency coordination.
Why Stability at CISA Matters Now for Federal Cybersecurity
Federal civilian agencies are still executing zero trust mandates from the Office of Management and Budget and closing gaps spotlighted by recent supply-chain and cloud identity incidents. CISA’s guidance—through binding operational directives, emergency directives, and sector alerts—drives patching priorities and architecture decisions across the government and critical infrastructure.
The Government Accountability Office has kept federal cybersecurity on its High-Risk List for decades, citing persistent weaknesses in access controls, incident detection, and vendor risk. Against that backdrop, leadership clarity is not a nicety; it is a prerequisite for consistent execution and credible engagement with industry, state and local partners, and international allies.
What to Watch Next as CISA Seeks to Regain Stability and Focus
Key markers of a course correction will include a hiring rebound, a return to predictable governance and risk processes, and renewed momentum on agency-wide patching campaigns. Observers will also watch whether CISA accelerates publication of technical advisories and repeatable playbooks—particularly around identity security, third-party risk, and the exploitation of widely used edge devices.
Ultimately, the handover to Andersen is a bid to stop the bleeding while the Senate weighs a permanent leader. If CISA can quickly restore discipline and tempo, the agency can refocus on what it exists to do: help agencies and critical infrastructure prepare for, detect, and blunt the next wave of intrusions—not manage the fallout of its own.