Date: 2025-10-08

The new CISA cyber chief is refocusing the agency on its core mission: defending federal networks and critical infrastructure — even as budgets tighten.

The new leader of the Cybersecurity and Infrastructure Security Agency’s Cyber Directorate is looking to build on CISA’s past successes, while focusing on the agency’s core responsibilities — despite a smaller staff and budget.

Nick Andersen became CISA’s executive assistant director for cybersecurity in September 2025. In a wide-ranging interview with Federal News Network, Andersen said his focus is on “the core operational norms of what CISA is supposed to be delivering” amid a wave of staffing departures at the cyber agency. The Trump administration has also proposed cutting CISA’s annual budget by nearly $500 million.

“We’re supposed to protect the dot-gov and work with federal civilian executive branch agencies,” Andersen said during Federal News Network’s Cyber Leaders Exchange 2025. “We’re supposed to be the national coordinator for critical infrastructure security and resilience.”

Thwarting major cyber adversaries

An animating focus for Andersen is Western intelligence assessments that the Chinese military will be ready for a full-scale military invasion of Taiwan by 2027. Such an invasion would be expected to feature cyberattacks against critical infrastructure.

“That’s really where I want to laser focus the staff. What are we doing to defend this nation’s greatest assets? We have an economy, we have national security, we have a public health system that is incredibly reliant on technology and the associated infrastructure,” Andersen said. “And if we want to do right by our fellow citizens, by our neighbors, by our friends and family, it really requires us to show up and give our best every single day. And that, if I’m just hyper summarizing it to one point, is what are we doing to deter the threat of China 2027.”

CISA’s role as the “nation’s cyber defense agency” includes working with original equipment manufacturers “to make sure that we’re helping them to identify opportunities to develop and build equipment that is secure from the start — secure by design,” he said.

“At a broad brush stroke, just sort of refocusing ourselves on, why is it that we exist, and what is it that we’re supposed to be doing? Now, let’s take all the things that are good ideas and let’s set those to the side until we’ve really demonstrated some mastery over our core competencies.”

CISA support to federal agencies

Andersen said he wants to continue to grow the cybersecurity services that CISA provides to other federal agencies, as well as state and local governments.

The Continuous Diagnostics and Mitigation program is a prime example. CDM provides agencies with cybersecurity tools, integration services and dashboards.

“The first tranche of CDM was just trying to provide the opportunity for agencies and departments to be able to procure a certain suite of services and solutions that were going to make them more secure and collectively raise the bar,” Andersen said. “Now, we need to get to the point where we’re operating in a little bit more of a common manner.”

When a cyber incident hits an agency, Andersen wants federal cyber operators to fall in on a “common stack” of cyber technologies.

“If this department is using tool X and this one’s using tool Y though, that’s going to be a little bit more of a steep learning curve,” he said. “CDM, just like all these other programs that we’re looking at right now, is at a growth and evolution point. How do we continue the successes that have already been delivered, but how do we build on them for the next set of priorities?”

Andersen also identified CISA’s threat hunt and incident response teams as an area he wants to “continue to grow and mature.” He further pointed to CISA’s capacity building program, which works on the agency’s binding operational directives, as well as the technology director’s office, which focuses on forward-looking issues like artificial intelligence and post-quantum cryptography.

“How do we enable the federal enterprise to do things more smartly? And that’s where our CDM program lies,” Andersen said. “We’ve got a huge breadth of capabilities there across the board.”

Critical infrastructure partnerships

CISA’s work with the broader cybersecurity community and critical infrastructure is also a priority for Andersen.

The Joint Cyber Defense Collaborative, established in 2021, is a conduit for those partnerships. Andersen cited the JCDC-sponsored Project Chainbreaker initiative, which focuses on defending critical infrastructure from China-based cyberthreats.

That work is informed by campaigns like the Salt Typhoon intrusions into U.S. telecommunications infrastructure and the Volt Typhoon targeting of power, water and other critical services. The cybersecurity community uses the Typhoon naming convention to describe hacking groups aligned with the People’s Republic of China.

The Chainbreaker project is “bringing together a core community to say defensively, ‘How would we respond to several different scenarios regarding them as a threat actor, those longer term or strategic engagements, using Salt Typhoon and Volt Typhoon as illustrative examples of the type of activity we’re going to see?’ ” Andersen said.

CISA’s Joint Cyber Environment is also an emphasis for Andersen, who wants to deepen partnerships through a “common operating environment” for cyber defenders across the public and private sectors.

Ultimately, Andersen wants to get CISA’s broader community of stakeholders — state and local governments, critical infrastructure and international partners — focused on preparing for the long-term cyberthreat of China, rather than individual events and campaigns.

“These are persistent threat actors with persistent campaigns that are going to continue to target our nation’s infrastructure, whether it’s commercial, critical infrastructure or government infrastructure,” Andersen said. “That’s really the focus for us: Making sure that we are resilient over the long term, rather than trying to focus on an individual point in time.”

