CISA’s Posture: Directives as Signals and a Leaner Federal Stack
With regard to CISA, Executive Assistant Director for Cybersecurity Nick Andersen described how the agency is leaning on compulsory tools for the federal enterprise while treating them as signals for everyone else.
Emergency directives to civilian executive agencies, joint advisories with Five Eyes partners and targeted initiatives such as the Joint Cyber Defense Collaborative are meant to push timely mitigations and “buy down risk” across government and industry, he said.
“CISA is operational,” Andersen said, pointing to a “fairly high pace of activity” that includes recent advisories covering both broad threats and specific vulnerabilities such as on-premises email systems.
Andersen also previewed a push to rationalize the federal cyber stack — via the Continuous Diagnostics and Mitigation program and related efforts — to reduce tool sprawl, improve visibility, and free funding and talent for higher-value work. A more unified stack, he said, would make it easier to move cyber professionals among agencies and focus analysts on consequences and mitigation rather than “data normalization” chores.
FBI’s Four-Pillar Disruption and the AI Imperative
From the FBI’s vantage point, Assistant Director Brett Leatherman said the bureau is sustaining arrests, extraditions and infrastructure takedowns with international partners — even during the ongoing shutdown — by targeting what he called four pillars of the adversary ecosystem: people, infrastructure, money and tools.
“The more of those we hit in any one joint, sequenced operation, the more enduring the impact,” he said.
Leatherman warned that AI is accelerating the offensive side — compressing the time from intrusion to impact, enabling persistence and lateral movement, and helping mid-tier criminals approximate nation-state capability. He singled out campaigns linked to China as a pacing threat aimed at enumerating and exploiting exposed infrastructure across critical sectors.
While the government must protect sensitive data sets and preserve chain of custody, he said the FBI has to “meaningfully adopt” AI to process massive volumes of logs and telemetry. “There’s no way we can scale our defensive operations unless we start to really use artificial intelligence … to look for deviations of behavior,” he said.
READ MORE: How to best prepare for an AI-fueled cyberattack.
Officials Emphasize the Effectiveness of a Collaborative Culture
All three officials emphasized that culture, governance and modernization must keep pace with technology. Cairncross said the White House is working with the Office of Management and Budget and others to speed updates so agencies aren’t deploying obsolete tools by the time procurements finish.
He argued against reflexive “new overlays of regulation,” favoring principles and sector-specific collaboration that elevate cyber to CEOs and boards while reducing duplicative compliance.
Andersen framed CISA’s federal mission as balancing agency autonomy with enterprise risk: “Risk to one is risk to all.” He said that directives and advisories are designed to push a consistent baseline while enabling agencies to deliver on their missions.
Leatherman put people at the top of his priority list — above technology and policy — both for the FBI’s workforce and for public-private teamwork during incidents.
He credited early, robust victim cooperation for helping contain one of the most consequential recent espionage campaigns: “We would not be where we are if victims hadn’t invited FBI and incident response teams in on day one.”
The officials’ messages converged on a simple expectation for the months ahead: a more coordinated federal playbook; clearer signals to industry; and faster, AI-enabled defense that measures success by outcomes, not meetings.
As Cairncross said, form must follow function: Information sharing and new tools matter only if they harden the nation’s defenses and impose real costs on its adversaries.
