COMMENTARY: A year into its second term, the Trump administration’s efforts to strengthen national cybersecurity policy have been stalled oddly and inexplicably by a U.S. Senate controlled by the president’s own Republican Party.
Most notably, the nomination of Sean Plankey as director of the Cybersecurity and Infrastructure Security Agency (CISA) expired on Dec. 31 after months of inaction and political roadblocks unrelated to his qualifications.
[
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
While the White House
renominated Plankey earlier this month, the prolonged leadership vacuum at CISA comes at a time when U.S. adversaries such as China and Russia are actively positioning themselves within critical infrastructure to launch attacks on the American people, significantly raising the stakes for effective national cyber defense.
The expired Plankey nomination represents just the latest casualty of political maneuvering and personal vendettas that have little to do with actual cyber policy. These parliamentary “self-owns” risk leaving the nation’s cyber defenders leaderless and under-resourced, exposing vital systems like water, power, and transportation to determined and well-resourced cyber adversaries.
Legislative stalemate
Efforts to renew the Cybersecurity Information Sharing Act of 2015 (CISA 2015) have been hampered by resistance to a “clean,” long-term reauthorization. Despite broad support from the White House, both parties in both houses, and industry leaders, Sen. Rand Paul, R-Ky., chair of the Senate Homeland Security Committee, has slowed renewal of CISA 2015, the legislation, over his concerns about past social media censorship by CISA, the agency. As a result, Congress has produced a patchwork of short extensions and changes, miring liability protections for cyber data sharing in uncertainty. Unless something changes, CISA 2015 is
set to expire on Jan. 30, this Friday.
Similarly, the State and Local Cybersecurity Grant Program faces an uncertain future. While the House passed the PILLAR Act to extend the program, it failed to specify funding levels, sending the issue to a Senate preoccupied with broader budget disputes. As a result, state and local cyber defenders are left anxious about the continuity of support for cash-strapped infrastructure operators.
Blocking Sean Plankey’s nomination
The blocking of Plankey’s first nomination was driven by disputes largely unrelated to cybersecurity and completely unrelated to his cybersecurity and leadership credentials.
Sen. Ron Wyden, D-Ore., placed an initial hold to compel CISA to release a report on the
Salt Typhoon investigation begun under the Biden administration and still underway today under Trump. While appropriately focused on the nation’s cybersecurity, the ongoing investigation and any subsequent actions to ameliorate the U.S. telecommunications sector’s cyber vulnerabilities would undoubtedly achieve greater traction and better outcomes under a confirmed, fully empowered CISA director.
North Carolina Senators Ted Budd, R-N.C., and Thom Tillis, R-N.C., also worked to block Plankey’s nomination over cuts to or delays of the Department of Homeland Security’s Federal Emergency Management Agency (FEMA) disaster relief payments to North Carolina property owners.
While
both senators later lifted their holds in December,
Senator Tillis re-committed to blocking the
newly-renominated Plankey and all other DHS nominees until DHS Secretary Kristi Noem testifies before the Senate Judiciary Committee —
now set for March 3 — to discuss numerous oversight concerns, again, unrelated to cybersecurity.
Finally, Sen. Rick Scott, R-Fla., blocked the nomination over his disapproval of DHS’s cancellation of a Coast Guard cutter contract with a Florida shipbuilder failing to meet delivery agreements.
Why we need to break the logjam
We need our elected representatives to represent the many valid interests and priorities of the American people, but this convergence of conflicting regional interests has deprioritized national cyber defense at a time when our nation can least afford it.
A confirmed CISA director is essential for executing the administration’s
National Cybersecurity Strategy. An acting director lacks the authority to commit the agency to long-term initiatives, undermining continuity and stability for staff, industry partners, and critical infrastructure operators.
Sean Plankey commands bipartisan confidence and technical credibility, bridging government and industry experience. As a confirmed director, he would be empowered to set the essential multi-year strategies, assert budget priorities, and strengthen recruitment efforts.
Should the next world war open with a catastrophic series of Chinese cyberattacks on U.S. critical infrastructure, history will remember the Senate’s inability to move cybersecurity policy forward as a tragic example of how democracies riven with self-interest and infighting can render them incapable of defending themselves.
The Senate must put it's foot down, stop the unending
petty squabbles, and fulfill its oath to protect the Constitution and the American people by confirming a qualified leader for CISA. In these troubled and increasingly dangerous times, Sean Plankey is the right person for the job.
Bob Ackerman, co-founder, DataTribe; chairman, Global Cyber Innovation Summit SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
