Trump nominates Sean Plankey to run top US cyber agency

Sean Plankey, who served in cybersecurity roles in the first Trump administration, has been officially nominated to run the Cybersecurity and Infrastructure Security Agency (CISA), according to a Monday posting of nominations.

Plankey’s nomination has been sent to the Senate Homeland Security and Governmental Affairs Committee for official consideration.

A former acting assistant secretary for the Office of Cybersecurity, Energy Security and Emergency Response at the Department of Energy and a director for maritime and Pacific cybersecurity policy at the National Security Council, Plankey served from 2018-2020 in the first Trump administration.

Plankey, a United States Coast Guard veteran, also deployed to Afghanistan in 2013 in his role as a weapons and tactics branch chief at U.S. Cyber Command. He earned a Bronze Star for his work conducting offensive cyber operations during his time there, serving as deputy officer in charge of the expeditionary cyber support element.

Until last month, Plankey worked as the general manager and global head of cybersecurity software for Indigo Vault, a post-quantum encryption document protection platform.

Plankey declined to comment on his nomination.

In a September interview with Recorded Future News, Plankey said President Donald Trump prioritizes cybersecurity.

“The President was definitely supportive of cybersecurity issues,” he said. “We did receive a good amount of airtime.”

CISA has been under fire in recent months with Senate Homeland Security Chairman Rand Paul reportedly saying he would like to potentially eliminate the agency. 

During her January confirmation hearing Kristi Noem, the Secretary of the Department of Homeland Security, criticized CISA for expanding its mission to include countering disinformation during the Biden administration.

“CISA needs to be much more effective, smaller, more nimble, to really fulfill their mission,” Noem said about the agency, which is part of DHS. “The mission of it is to hunt and harden. It's to find those bad actors and help work with local and state critical infrastructure entities so that they can help them be prepared for such cyberattacks.”

Several cyber insiders praised Plankey’s selection.

Plankey is a “straight shooter who will work tirelessly to refocus CISA on risk reduction and properly defending against China and other adversaries,” said Brian Harrell, who worked with Plankey when he served as assistant director for infrastructure security at CISA in the first Trump administration.

Harrell said CISA needs to be reformed under Plankey.

“CISA is struggling to gain a foothold within industry, the agency is currently sideways with Congress and the workforce is disgruntled,” Harrell said. “Sean will need to surround himself with trusted personnel and sell his vision for the agency — industry wants the agency to be successful, but they have to show value again.”

Mark Montgomery, the former executive director of the Cyberspace Solarium Commission, said he has worked with Plankey extensively, particularly on maritime cybersecurity, and called him a “great hire” with a “broad range of government experience.”

“Professional and competent with interagency savvy, he is just what CISA will need as we defend against an increasingly aggressive nation state adversary in China,” said Montgomery, who is now a leader at the Foundation for Defense of Democracies.

In his Recorded Future interview, Plankey tackled a range of topics, including the need to force cloud companies to make more of an effort to identify buyers, an initiative known as “Know Your Customer,” or KYC. The Biden administration highlighted the need for KYC rules in the national cyber strategy but never implemented them.

Plankey told Recorded Future News that KYC is an “extremely complicated and difficult issue, but it needed to be done. It was the leading source of nation state attacks.”

He pointed out that the original executive order calling for KYC came out at the end of the first Trump administration. Formalizing know-your-customer rules is a common sense move for countering cyber threats, he said in the interview.

“We will see more pointed measures at our adversaries, where there's more delineation between competitive nations versus adversarial ones,” Plankey said.

In 2023, lax security practices at Microsoft led to a cloud-enabled intrusion by Chinese hackers who infiltrated emails belonging to senior U.S. officials.

He also stressed that the Trump administration is likely to emphasize reciprocity with foreign partners, highlighting that Trump’s philosophy demanding NATO countries pay their fair share should carry over to cyber.

“We're not going to let China have unrestricted access to our internet, U.S. critical infrastructure, while they subsequently ban our companies from access,” he said.

Fixing the corrupted supply chain also will be critical, he said, pointing out that America didn’t “buy tanks from the Germans during World War II.”

“So why do we think we can buy critical infrastructure from the Chinese?” he said. “The U.S. government could do more assessments of critical infrastructure — for transformers in the energy sector, for cars, trucks, bridges, trains and airplanes.”

Other nominees listed in the Monday posting of nominees include:

• Aaron Lukas, a former adviser to former acting Director of National Intelligence Ric Grenell, to be the number two at the Office of the Director of National Intelligence. Lukas previously served as the deputy senior director for Europe and Russia at the National Security Council in Trump’s first term.

• George Wesley Street to helm the National Counterintelligence and Security Center.

Martin Matishak contributed reporting.