
CISA Wraps Up 2025

Bola Ogbara

CISA ends 2025 with more employee departures, a polygraph scandal, and no Senate-confirmed director.


Since President Trump started his second term in January 2025, many federal agencies have faced serious structural changes as part of a larger effort to shrink the federal workforce, particularly at the hands of the now-dissolved Department of Government Efficiency (DOGE). The United States’ top cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA), did not escape unscathed. The previous director, Jen Easterly, resigned on inauguration day, and the rest of the year was filled with leadership changes and repeated staff cuts. Even as 2025 came to a close, the agency continued to experience remarkable instability, possibly signalling turmoil for the new year.

 

CISA still lacks a Senate-confirmed director to replace Easterly, meaning the agency is nearing a year without a permanent leader. Sean Plankey was first nominated by Trump to the position in March, news that was largely well-received. Easterly commended the nomination on LinkedIn, sharing that she was “excited for him and the team at the Cybersecurity and Infrastructure Security Agency” and that he would “bring great cyber expertise, private sector creds, a warrior spirit, and steady leadership to Team CISA.”

 

Plankey’s nomination was blocked by Oregon Senator Ron Wyden (D) in an effort to force CISA to release a 2022 report on telecommunications insecurity, which was especially relevant in the aftermath of the historic Salt Typhoon hack of late 2024. The hold on Plankey’s nomination is not entirely partisan, either: Florida Senator Rick Scott (R) also blocked the nomination to limit a contract with the Coast Guard and a Florida-based shipbuilder. The Senate is out of session until January 5, 2026, so it may be a while still before CISA has a director.

 

Unfortunately, the acting director of CISA, Madhu Gottumukkala, has encountered unique challenges in leading the agency. In July, Gottumukkala was reportedly forced to take a polygraph test (also known as a lie detector test in popular culture) before accessing exceptionally sensitive information about a program shared with CISA. He was first denied access to the information, but the senior official who rejected the request left before he sent in the second request, which was approved, leading to the polygraph debacle. Polygraphs have emerged as a test of confidence in other agencies, even though their results are not admissible in court because they are not reliable tools for evaluating truthfulness.

 

Gottumukkala did not pass the test, but the polygraph was later called “unsanctioned” by a DHS spokesperson, and the six CISA employees who arranged the test are now on administrative leave, with no access to the classified information. While this incident happened in the summer, the story broke on December 22, a couple of days after another key CISA departure made headlines. On December 19, David Stern, the prime mover behind CISA’s Pre-Ransomware Notification Initiative (PRNI), resigned. Stern was ordered by the Department of Homeland Security (DHS) to either join the Federal Emergency Management Agency (FEMA) in Boston or quit. 

 

His decision to leave CISA has caused some concern. The PRNI takes tips about possible early-stage ransomware activity from the Joint Cyber Defense Collaborative’s (JCDC’s) work with its cybersecurity research partners and infrastructure providers, alongside information from cyber threat intelligence companies. Since its start in 2022, the initiative has sent out more than 4,300 notifications, protecting organizations across critical infrastructure industries from ransomware attacks. Stern was solely responsible for sending out the notifications, and “has saved enterprises many billions in prevented damages” with his work.

 

Stern’s resignation “has not stopped [the program] and [it] continues to operate as a key element in CISA’s efforts to defeat ransomware attacks”, according to Marci McCarthy, the CISA Director of Public Affairs. Still, Cybersecurity Dive found that some familiar with the initiative are skeptical about the PRNI’s ability to gain and share threat information in Stern’s absence, even as CISA is reportedly training others to take over Stern’s role. One associate shared that “Dave has relationships that won’t be portable to someone new,” while another said “this program mostly relied on information from trust groups run by private-sector entities, and they are reassessing how they want to engage with CISA.”

 

The polygraph-related suspensions and the resignation of David Stern are only the most recent exits at the cybersecurity agency. By the end of May 2025, just five months after Trump’s inauguration, about 1,000 people (almost a third of CISA’s workforce) had already left the agency due to budget and policy changes. Fortunately, the Senate’s draft homeland security spending bill doesn’t suggest that 2026 will have more staff cuts at CISA. 

 

Senate appropriators are reportedly fighting back on the steeper CISA cuts ($500 million) proposed by Trump and are attempting to stop cuts to CISA’s National Risk Management Center. The bill states that “CISA shall not reduce staffing in such a way that it lacks sufficient staff to effectively carry out its statutory missions,” and that the agency “shall maintain a workforce consistent with the personnel and full-time equivalents funded by the pay and non-pay amounts provided in this act.” Though 2025 has been a tumultuous year for CISA, 2026 may provide the stability needed to strengthen the nation’s cybersecurity.