Sean Plankey, the Department of Homeland Security senior adviser and Trump nominee to lead the Cybersecurity and Infrastructure Security Agency, was escorted out of the U.S. Coast Guard headquarters late Monday and had his access badge removed, according to sources familiar with the matter. The nominee to lead the cyber defense agency has left his role at DHS, though circumstances behind the sudden move remain unclear.
Plankey, a retired U.S. Coast Guard officer, formerly served as senior adviser to the homeland security secretary for the Coast Guard, a role he held while awaiting Senate action on his nomination to lead CISA, the agency responsible for protecting federal civilian networks and U.S. critical infrastructure from cyber threats.
A Coast Guard spokesperson referred inquiries to DHS. “We have no personnel matters to announce at this time,” a DHS spokesperson said. CBS News has also reached out to CISA for comment.
Florida Sen. Rick Scott placed a hold on Plankey’s 2025 nomination, and at the end of the legislative session last year, his nomination expired, along with other nominations that did not receive a Senate vote. President Trump renominated Plankey in January after his earlier nomination stalled in the Senate. But multiple people familiar with the process said the renomination was unintended and occurred as part of what one source described as an administrative error in a broader list of nominations submitted by the White House.
People familiar with internal dynamics at CISA said Plankey had longstanding tensions with Madhu Gottumukkala, who served as the agency’s acting director until he was replaced days ago. Gottumukkala previously worked in South Dakota and has close ties to Homeland Security Secretary Kristi Noem, the sources said.
Those tensions escalated in recent months during disagreements over cybersecurity contracts, according to one person briefed on the dispute. The person said Plankey pushed for certain contracts to move forward while Gottumukkala was uncomfortable approving them. Because Plankey is a nominee who’s awaiting Senate confirmation, he is generally expected to avoid involvement in agency operations, particularly those related to the department’s contracting.
The agency has also faced scrutiny in recent months after reporting revealed Gottumukkala uploaded sensitive but unclassified government documents marked “for official use only” to a public version of ChatGPT, triggering automated security alerts and prompting an internal review into the handling of sensitive information.
The leadership turmoil comes as CISA has undergone a series of rapid changes. Gottumukkala was replaced last month as acting director by Nick Andersen, the agency’s executive assistant director for cybersecurity.
Plankey has also advised on Coast Guard policy matters, working to help the service branch secure roughly $25 billion in funding for the service in the most recent appropriations bill.
Two senior homeland security officials told CBS News that Plankey remains the nominee for CISA director, despite his abrupt removal as senior DHS adviser. People familiar with the confirmation process say that Senate schedules and the upcoming campaign season may stand in the way of a speedy confirmation, but another obstacle arose Tuesday, during Noem’s testimony before the Senate.
GOP Sen. Thom Tillis of North Carolina threatened to stall President Trump’s nominees and Senate business if Noem ignored inquiries from his office regarding immigration enforcement operations and disaster response funding in his state.
“If I don’t get an answer that you’ve had a month to respond to, and the remaining ones … as of today, I’ll be informing leadership that I’m putting a hold on any en bloc nominations until I get a response, and in two weeks, if I don’t get a response, I’m going to deny quorum and markup in as many committees as I can until I get a response,” the senator said during a hearing.
Meanwhile, some cybersecurity officials and industry experts say the prolonged leadership turmoil risks undermining CISA’s standing with the private sector. While larger critical infrastructure companies increasingly rely on private intelligence vendors for faster cyber threat information, smaller organizations — including water utilities and manufacturers — still depend heavily on CISA alerts and guidance.
The uncertainty comes as the federal government faces a partial shutdown of DHS and officials warn of heightened cyber threats from foreign adversaries, including Iran-linked actors targeting U.S. infrastructure.
Last week, the Department of Homeland Security issued a Critical Incident Report to law enforcement partners warning that the hacktivist group, the Cyber Islamic Resistance has called for cyberattacks against the United States and Israel, urging mobilization of cyber warfare supporters. The report finds that Iran-aligned actors may conduct low-level cyber operations, such as website defacements and distributed denial of services attacks, amid rising tensions that has also broadened the risk of retaliatory activity targeting Jewish, pro-Israel, or U.S. government–linked sites.
