CISA chief details hiring progress, AI BOD

The Cybersecurity and Infrastructure Security Agency is extending nearly 200 job offers this month, as CISA looks to reinforce its depleted ranks amid a wave of new artificial intelligence security mandates and activities.

During a Tuesday morning keynote address at a conference in Washington hosted by Axonius, acting CISA Director Nick Andersen also said the agency is reorienting itself around a “ruthless” prioritization of cyber-physical risks in both federal networks and critical infrastructure.

Andersen’s comments come amid heightened concerns about the security of federal networks and critical infrastructure due to advances in AI. President Donald Trump last week signed out an AI security executive order that tasks CISA and other agencies with numerous actions.

Meanwhile, lawmakers on both sides of the aisle have raised concerns about a “weakened” CISA due to steep workforce reductions under the Trump administration.

But Andersen said CISA is now positioned for new growth and “significant investments,” alluding to Homeland Security Secretary Markwayne Mullin’s comments this month about the cyber agency needing to hire roughly 600 new employees.

Already, CISA is making progress on an initial plan to hire 329 “mission-critical” staff. Andersen said CISA expects to make about 180 tentative job offers by the end of June.

“So we’re going to have a whole lot of new colleagues joining us here at the CISA table and joining us here in the room at some point to be able to work with you all as part of this extended community,” Andersen said.

Andersen also discussed efforts to unify CISA’s three primary missions: cybersecurity, infrastructure security and emergency communications. He compared CISA’s growth since becoming a full fledged agency in 2018 to the growing pains the Department of Homeland Security has faced writ large.

“How do we bring all these different cultures together? How do we bring all these different missions together?” Andersen said. “We’re really taking a concerted effort right now, bringing all those missions together, and again saying, how is it that we balance our approach between cyber impacts, between the physical security impacts, and between our emergency communications resiliency mission.”

AI BOD forthcoming

Meanwhile, a new AI security executive order is animating much of CISA’s current activities. Andersen provided further details on a forthcoming AI binding operational directive (BOD), which he suggested CISA will release Wednesday morning.

“We’re asking people to take a different approach to vulnerability management,” Andersen told reporters of the BOD following his keynote. “Overall, our approach to date has been, ‘A patch is released, apply this patch as quickly as you can.’”

But under the BOD, CISA will be “asking people to take more of a focus on risk associated with these vulnerabilities,” Andersen continued.

“Really, to be able to highlight some patches aren’t as important as others, and plugging the holes with some vulnerabilities is not as important as others,” he said.

More broadly, CISA is changing its approach to securing federal networks, Andersen said. He said the agency wants to build on the “great success” of legacy CISA federal cyber programs like Einstein, the National Cybersecurity Protection System and the Continuous Diagnostics and Mitigation (CDM) program, while taking advantage of new AI tools and training opportunities for other agency cyber personnel.

“We’re in the process of breaking all those walls down now,” Andersen said. “We’re in the process of breaking all that down to provide for unified visibility across our dot-gov infrastructure. We’re in the process of unifying those investments, and we’re in the process of being able to bring those things together, so we actually have a one dot-gov approach to being able to move forward.”

Critical infrastructure prioritization

Meanwhile, Andersen said the prioritization in the forthcoming BOD extends to all of CISA’s work, especially on securing critical infrastructure.

“My focus has really been on what’s the ruthless prioritization approach that we have to be able to make,” Andersen said.

CISA has engaged in several new critical infrastructure projects in recent months, including one focused on military-connected infrastructure and another, “CI Fortify,” that is working with critical infrastructure to prepare for cyber outages.

Andersen said CISA’s efforts securing critical infrastructure are focused around prioritizing the most critical services that underpin the economy and national security.

“If we try to say that everything is equally as important, then absolutely nothing’s going to be important,” he said.

Asked how that is different than past CISA efforts like “systemically important critical infrastructure,” Andersen said the agency is focused on sustaining granular “functions’ through a crisis, instead of just designating entities as especially critical.

“If I have a major bank that I’m talking to, is it as important to me that the bank’s process that supports the bulk payment system is resilient, or is it just as important to me that the branch location two blocks away is continuing to operate?” Andersen told reporters. “Those things just are apples and oranges, even though it’s the same entity that might be affected.”

Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.