Following his March nomination by U.S. President Donald Trump to head the Cybersecurity and Infrastructure Security Agency (CISA), Sean Plankey appeared before the Senate Committee on Homeland Security and Governmental Affairs last week, where lawmakers pressed him on the impending expiration of a key information-sharing law and the agency’s current challenges. Plankey, now serving as a senior adviser to Homeland Security Secretary Kristi Noem, outlined his leadership priorities for an agency grappling with deep staffing losses and steep budget cuts proposed in Trump’s Fiscal Year 2026 plan.
Plankey, who brings a wealth of experience in cybersecurity and national security, previously held key roles at the Department of Energy and the National Security Council during Trump’s first term.
“If confirmed, you will be tasked with overseeing an agency that has been gutted by the Trump Administration,” Gary Peters, a Democrat from Michigan, wrote in his opening statement. “As you know, CISA is the backbone of our nation’s cybersecurity defense system, protecting federal networks and partnering with the private sector. CISA is the only civilian agency with the infrastructure, expertise, and statutory authority to carry out this critical work.”
He added that since President Trump’s first term, he has worked to decimate CISA, most recently slashing its workforce by more than 30 percent and eliminating key leadership positions.
Peters also noted that the Administration has proposed a nearly 20 percent budget cut for the agency for Fiscal Year 2026. “Cyberattacks are one of the most significant national security threats our nation faces, and I’m extremely concerned by this Administration’s actions that are undercutting CISA’s capacity to defend our nation.”
Peters asked Plankey at the hearing how he would ensure that CISA fulfilled all of its responsibilities after losing so many employees. “You’re walking into an agency that’s critically important and is being cut off at the knees because some of alleged things that may have happened in the past but are not occurring now,” he said.
Plankey said his goal would be “to allow the operators to operate.”
He added that “CISA has a number of the most capable cybersecurity people in the world.”
“I’m going to empower those operators to operate and do the best they can,” Plankey said. “And if that means we have to reorganize in some form or fashion, that’s what we’ll do. I’ll lead that charge. And if that means that we need a different level of funding than we currently have now, then I will approach the Secretary, ask for that funding, ask for that support.”
During the hearing, Plankey addressed the impending expiration of the 2015 Cybersecurity Information Sharing Act, explaining to senators that it was a critical tool for encouraging businesses to share threat indicators with one another and with government agencies. He also told Senator Maggie Hassan that he backed continued funding for another expiring initiative, the State and Local Cybersecurity Grant Program.
“I absolutely support the state and local grant program for cybersecurity,” Plankey said. “There’s many rural areas of America, and CISA exists to support all Americans across the United States, and one of the best ways to do that is through the state and local grant program.”
“During his nomination hearing yesterday, Sean Plankey demonstrated that he is the right person to lead CISA,” Andrew Garbarino, a New York Republican and House Committee on Homeland Security Chairman, said in a Friday statement. “If confirmed, he will drive necessary reforms to ensure our nation’s risk advisor succeeds in its statutory mission: protecting our federal civilian networks and critical infrastructure. I look forward to working with Sean to codify reforms at CISA, as well as to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) and the State and Local Cybersecurity Grant Program (SLCGP), two of my top priorities as Chairman.”
Garbarino said that with cyber threats continuing to evolve rapidly and a ticking clock on both CISA 2015 and SLCGP, “we cannot allow any further delay in Sean’s confirmation. Every minute without CISA’s top leadership in place puts our security at risk and benefits nation-state sponsored cyber actors like Salt Typhoon.”
He added that he is “committed to working with my House and Senate colleagues on both sides of the aisle to dig deeper into that intrusion, which is essential for CISA to address in its role as the Sector Risk Management Agency for the communications sector.”
Cyber defense is increasingly falling on the shoulders of private companies—the utilities, networks, and service providers that keep society running. As the first line of defense, their preparedness will largely shape the nation’s resilience against a rising tide of cyber threats.
Frameworks like the Cybersecurity Maturity Model Certification (CMMC), the NIST Cybersecurity Framework, and updated supply chain security practices are no longer just best practices or bureaucratic requirements. They are becoming essential pillars of national security. For critical infrastructure operators and the defense industrial base, meeting standards isn’t enough. Cyber readiness must be operationalized—through network segmentation, proactive threat hunting, endpoint hardening, and regular incident response drills that are treated with the same urgency as physical safety protocols.
