Federal questioning of CISA nominee, Simultaneous revelation of FEMA reform legislation
The Cybersecurity and Infrastructure Security Agency (CISA), under the Trump administration, focused on identity security primarily from a defensive standpoint. However, efforts faced significant challenges, including workforce reductions, budget cuts, and a narrowed federal cybersecurity scope, limiting CISA's capacity to serve critical infrastructure operators and execute broader offensive capabilities.
Sean Plankey, a former Energy Department and Coast Guard official, has been nominated to lead CISA. Widely supported by the cybersecurity community, Plankey testified before the Senate Homeland Security and Governmental Affairs Committee last week. If confirmed, Plankey plans to reorganize CISA if necessary and ask for additional funding if required.
Key efforts by CISA under the Trump administration included updating incident response playbooks to incorporate AI security concerns, maintaining oversight and compliance mandates for federal agencies, and providing free cybersecurity services to critical infrastructure entities. These efforts aimed to strengthen defenses against AI-enabled attacks and protect identity and access management systems within these infrastructures.
However, major challenges included loss of one-third of CISA’s workforce and budget cuts, a shift toward decentralization and streamlined compliance, and the emerging threat surface from newer technologies like AI and IoT devices. These challenges weakened identity-focused security programs and reduced support to financially constrained organizations.
New House Homeland Security Committee Chairman Andrew Garbarino (R-N.Y.) has called on the Senate to quickly confirm Plankey. The Senate Homeland Security and Governmental Affairs Committee is scheduled to vote on advancing Plankey's nomination on Wednesday.
The bill that directs FEMA to develop a universal application for individual disaster assistance also aims to streamline disaster assistance processes for both individuals and state and local governments. The FEMA Act, a bipartisan bill to reform the Federal Emergency Management Agency, was released last week.
Plankey intends to prioritize addressing supply chain concerns, such as potential rogue communication devices in Chinese-made renewable energy infrastructure. However, Sen. Ron Wyden (D-Ore.) is holding Plankey's nomination on the Senate floor until CISA commits to releasing a report on cybersecurity weaknesses in U.S. telecommunications infrastructure.
The Trump administration has established a FEMA Review Council to recommend reforms to federal emergency management. The council's recommendations are due to the White House in November. If confirmed, Plankey plans to focus on protecting critical infrastructure, "mom and pop small businesses", and the federal civilian executive branch from cyberattacks.
Wyden stated that he will not lift his hold on Plankey's nomination until the report is public. The Senate has not yet voted on Plankey's nomination.
Budget cuts in CISA have restricted its capacity to address cybersecurity challenges posed by emerging technologies such as AI and IoT devices. If confirmed, Sean Plankey, the nominee to lead CISA, plans to request additional funding to combat these threats.
The reorganization of CISA, as proposed by Sean Plankey, aims to prioritize cybersecurity measures for critical infrastructure, including technology-driven sectors, and address potential vulnerabilities in supply chains.
