Agency selects Nicholas Andersen to strengthen cyber defenses for critical infrastructure, due to escalating risks from nation-state cyber attacks

New Leadership at CISA: Nicholas Andersen Takes Charge of Cybersecurity Mission

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has appointed Nicholas Andersen as the executive assistant director for cybersecurity, effective Tuesday.

Andersen, a U.S. Marine veteran, brings a wealth of experience in cybersecurity strategy, risk management, and intelligence operations to his new role. His career has been grounded in safeguarding national sovereignty and countering foreign threats.

Prior to joining CISA, Andersen served as the Chief Information Security Officer (CISO) at Lumen Technologies Public Sector, where he built and executed a cybersecurity strategy, advanced secure offerings, and forged public-private partnerships.

During his tenure at the Department of Energy's Cybersecurity, Energy Security, and Emergency Response (CESER) office from 2019 to 2021, Andersen directed efforts to protect the energy sector, countered Iranian cyber threats, and led disaster recovery and crisis response.

As Andersen assumes charge, Chris Butera becomes the acting deputy executive assistant director.

The cybersecurity landscape is currently fraught with significant threats and vulnerabilities. In 2024, 73% of Operational Technology (OT) and critical infrastructure organizations suffered intrusions, a marked increase from the previous year's 49%. Industrial-sector breaches averaged $5.56 million per incident, a 18% increase from 2023.

Global cybersecurity agencies have issued a joint advisory warning of ongoing malicious activity by state-sponsored Chinese Advanced Persistent Threat (APT) actors. The Chinese-backed 'Salt Typhoon' campaign has impacted U.S. telecom operators and over 200 organizations across 80 countries, targeting call records, law enforcement data, and critical infrastructure.

Russian-aligned hacktivist groups such as Z-Pentest, Dark Engine, and Sector 16 have intensified attacks on Industrial Control Systems (ICS). Russian FSB-linked hackers have exploited a seven-year-old Cisco IOS vulnerability to infiltrate U.S. ICS systems across sectors, including telecom, manufacturing, and higher education.

Besides Russia and China, Iran and North Korea have also been involved in cyberattacks targeting the critical infrastructure of the United States in recent years.

Madhu Gottumukkala, acting CISA director, expressed confidence in Andersen's ability to strengthen engagement with critical infrastructure partners. Andersen has expressed his appreciation for the vital role a robust cyber defense agency plays in securing U.S. critical infrastructure.

The joint advisory urges network defenders to hunt for malicious activity and apply mitigations to reduce the threat of Chinese state-sponsored and other malicious cyber activity. Andersen's appointment as the head of CISA's cybersecurity mission is expected to address these significant threats and vulnerabilities.

A notable incident occurred in Arkansas, where an attack on a water treatment plant forced operations to be run manually. Such incidents underscore the importance of a strong cybersecurity strategy and the role Andersen will play in protecting the nation's critical infrastructure.

Agency selects Nicholas Andersen to strengthen cyber defenses for critical infrastructure, due to escalating risks from nation-state cyber attacks