The U.S. Cybersecurity and Infrastructure Security Agency (CISA) appointed Nicholas Andersen on Tuesday as the executive assistant director for cybersecurity. Andersen has been on the frontlines of defending America’s critical infrastructure, with a career grounded in safeguarding national sovereignty and countering foreign threats. His expertise spans cybersecurity strategy, risk management, and intelligence operations, including leadership roles in the first administration of President Donald Trump, where he worked to secure and modernize cyber defenses across the energy sector.

As the head of CISA’s cybersecurity mission, Andersen is expected to address significant cyber threats and vulnerabilities while focusing on increasing the security and resilience of U.S. critical infrastructure. As Andersen assumes the new role, Chris Butera, acting executive assistant director for cybersecurity, has taken over the role of acting deputy executive assistant director.

“I am pleased to welcome Nick Andersen to our CISA leadership team,” Madhu Gottumukkala, acting CISA director, said in a media statement. “His broad experience across business, government, and technology uniquely positions him to strengthen our engagement with critical infrastructure partners, helping them better assess risk and elevate their security posture. I look forward to working with him as we advance our mission and safeguard the resilience of our nation during this pivotal time.”

“I am honored to have the opportunity to join CISA and the trust placed in me by President Donald Trump and Secretary Kristi Noem,” said Andersen. “Having led organizations in both the public and private sectors, I deeply appreciate the vital role a robust cyber defense agency plays in securing our nation’s critical infrastructure. My career has been dedicated to defending America, and I look forward to continuing that mission at CISA.”

Andersen, a U.S. Marine veteran, joins CISA with a record of leadership across government and industry. As president and COO of Invictus, he oversaw cybersecurity, intelligence integration, and technology delivery for federal and commercial partners. Earlier, as CISO at Lumen Technologies Public Sector, he built and executed a cybersecurity strategy, advanced secure offerings, and forged public-private partnerships. 

From 2019 to 2021, he served as principal deputy assistant secretary and acting assistant secretary for the Department of Energy’s Cybersecurity, Energy Security, and Emergency Response (CESER) office, where he directed efforts to protect the energy sector, countered Iranian cyber threats, and led disaster recovery and crisis response.

Andersen steps into his new role at a moment when U.S. critical infrastructure is under unrelenting assault, from Russian reconnaissance operations and Chinese espionage campaigns to hacktivists increasingly targeting ICS (industrial control systems) environments. Adversaries are escalating from espionage to disruptive, high-cost attacks, raising the stakes for U.S. critical infrastructure.

Russian FSB-linked hackers have exploited a seven-year-old Cisco IOS vulnerability to infiltrate U.S. ICS systems across sectors, including telecom, manufacturing, and higher education, gaining persistent access to device configurations for reconnaissance. At the same time, the Chinese-backed ‘Salt Typhoon’ campaign has impacted U.S. telecom operators and over 200 organizations across 80 countries, targeting call records, law enforcement data, and critical infrastructure. 

Russian-aligned hacktivist groups such as Z-Pentest, Dark Engine, and Sector 16 have also intensified attacks on ICS systems, with Z-Pentest alone executing 38 ICS attacks in Q2 2025, more than double its previous quarter activity. The consequences are severe. In 2024, industrial-sector breaches averaged $5.56 million per incident, an 18% increase from 2023, and an attack on the Arkansas water treatment plant forced operations to be run manually. Overall, 73% of OT and critical infrastructure organizations suffered intrusions in 2024, up from 49% the previous year.

Just last week, global cybersecurity agencies issued a joint advisory warning of ongoing malicious activity by state-sponsored Chinese APT actors. The advisory warns of a deliberate and sustained campaign by these actors to gain long-term access to global critical infrastructure networks. The agencies strongly urge network defenders to hunt for malicious activity and apply the mitigations in the advisory to reduce the threat of Chinese state-sponsored and other malicious cyber activity. The advisory disclosed that APT actors have been conducting malicious operations worldwide since at least 2021.
