Lack of CISA leadership amid DHS shutdown raises risks, cyber pros say

Industry experts say while the U.S. Cybersecurity and Infrastructure Security Agency ( CISA) can execute its core statutory mission without a full-time director, not having a top advocate for the agency means it will lack the political weight to fight for long-term funding or survive the ongoing Homeland Security shutdown unscathed.

As the cybersecurity industry prepares for next week's annual RSA Conference in San Francisco, most security pros told SC Media that while the agency can continue, many wondered what threats it is missing given that CISA now operates with one-third the staff and 1,500 of its remaining 2,300 employees sidelined by the DHS shutdown.

“While the ‘excepted’ personnel are still working — without pay — to monitor imminent threats, the agency has admitted it has had to shutter non-essential programs,” said Noelle Murata, a senior security engineer at Xcape, Inc. “It can keep the lights on, but it cannot build new tools or lead a national strategy.”

Leadership issue resurfaces in Congress

The lack of a top person at CISA was back in the headlines Wednesday as senators grilled Homeland Security nominee Sen. Markwayne Mullin, R-Okla., on the many cutbacks at CISA, the reality that Sean Plankey’s nomination for CISA director is no longer viable after being mysteriously escorted out of U.S. Coast Guard Headquarters two weeks ago, and the United States' conflict with Iran that may continue for several more weeks, if not months.

On the surface, the agency has been functioning. In the past 24 hours, CISA issued a warning to security teams that they should lock down Microsoft Intune systems in the wake of the Iran-linked cyberattack on U.S. medical device maker Stryker.

CISA also advised government agencies to apply patches for two security bugs impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, confirming that they have been actively exploited in the wild.

But some security pros question how long the agency can tread water.

Without the right leadership in place, cybersecurity pros assume that advisories are likely late or nonexistent, said Kevin Surace, chair at TokenCore, adding that he was concerned on what information the industry might miss out on because of the lack of leadership.

“It's very critical to get a highly experienced cybersecurity leader in place immediately,” said Surace. “Given that China, Iran, North Korea, and Russia are trying to take advantage of the war, we have to have the best leadership in government.”

Morey Haber, chief security advisor at BeyondTrust, added that leadership in cybersecurity is “directional” and not necessarily a daily requirement. Without a director, Haber said CISA will not stop functioning, but over time it will lose velocity, clarity, and authority when critical events unfold that need a thought leadership, public statements, and operational guidance.

Haber said threat intelligence is not just about assigning workloads to staff: it’s about prioritization, context, expertise, and decisive guidance.

“A director aligns interagency signals, validates risk, sets the communication tone, and communicates urgency to both the public and private sectors,” said Haber. “Without that role, messaging can become fragmented, slower to escalate, and less actionable for every organization making real-time decisions based on current events."

"For today, CISA is still operating, but drift and focus will continue to be issues as time goes on," Haber continued. "In cybersecurity, hesitation is exposure. Threat actors do not wait for leadership vacancies to be filled; they exploit them as gaps emerge.”

Xcape’s Murata offered three steps that need to happen for the government reverse course: