{"id":174042,"date":"2026-01-02T13:29:00","date_gmt":"2026-01-02T18:29:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/02\/five-things-to-watch-in-cybersecurity-for-2026\/"},"modified":"2026-01-02T13:40:09","modified_gmt":"2026-01-02T18:40:09","slug":"five-things-to-watch-in-cybersecurity-for-2026","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/02\/five-things-to-watch-in-cybersecurity-for-2026\/","title":{"rendered":"Five things to watch in cybersecurity for 2026"},"content":{"rendered":"

Five things to watch in cybersecurity for 2026<\/a><\/p>\n

https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/01\/five-things-to-watch-in-cybersecurity-for-2026\/<\/a><\/p>\n

Publish Date: 2026-01-02 13:29:00<\/a><\/p>\n

Source Domain: federalnewsnetwork.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

The past year in federal cybersecurity policy was full of uncertainty, as a change in administration, expiring authorities and the emergence of artificial intelligence converged and led to plenty of questions about the future of the cybersecurity landscape.
\nGoing into 2026, cyber policymakers and experts are expecting some clarity, especially around the interplay of AI and cyber. Here are five things to watch when it comes to federal cyber issues as the new year gets underway:
\nNew national cyber strategy
\nThe White House is expected to issue a new national cyber strategy early in the new year. During an appearance at the Aspen Institute\u2019s Cyber Summit in November, National Cyber Director Sean Cairncross said the strategy won\u2019t be a lengthy document.
\n\u201cIt\u2019s going to be a short statement of intent and policy and then it will be paired very quickly with action items and deliverables under that,\u201d Cairncross said. \u201cAs a topline matter, it\u2019s going to be focused on shaping adversary behavior, introducing costs and consequences into the mix.\u201d]]><\/p>\n

Cairncross said the strategy will feature six pillars. And he said the Office of the National Cyber Director is also working on a \u201cworkforce initiative\u201d to address cyber talent gaps.
\n\u201cThere\u2019s over half a million cyber jobs just on the decks now that need filling and there will be a need for more,\u201d Cairncross said. \u201cWe need to align industry incentives, academic incentives, vocational school incentives, [venture capital] and bring them together collaboratively to better the workforce for the country.\u201d
\nMorgan Adamski, a former National Security Agency leader and executive at PWC, said the cyber strategy\u2019s expected focus on influencing adversarial behavior and offensive cyber operations points toward a shift toward \u201cactive defense.\u201d
\n\u201cActive defense is essential because it shifts security from a passive, reactive posture to a proactive one that actively reduces risk,\u201d Adamski told Federal News Network. \u201cInstead of waiting for threats to materialize and cause damage, active defense emphasizes continuous monitoring, rapid detection, and timely response. This approach shortens the window between intrusion and containment, limits the attacker\u2019s ability to escalate, and protects critical assets before harm spreads. In an environment where threats evolve quickly and adversaries adapt, relying solely on static controls is insufficient.\u201d
\nAI and cyber
\nIndustry will be closely reading the strategy for what it says about the multifaceted issue of AI. Cyber experts generally divide the issue into three broad categories: securing AI systems and data; defending against AI-enabled cyber attacks; and using AI for cyber defense.
\nDrew Bagley, Crowdstrike\u2019s vice president for privacy and cyber policy, pointed to how federal agencies have embraced the \u201czero trust\u201d concept in recent years, as well as technologies like endpoint detection and response, and log management.
\n\u201cNow it\u2019s going to be increasingly important to think about how those same concepts are applied to AI,\u201d Bagley told Federal News Network. \u201cIf AI is going to continue to be embraced at this rapid speed without there being visibility into what\u2019s going out the door with AI, then you have a problem. You have another attack surface.\u201d]]><\/p>\n

Bagley said he\u2019s watching for the Cybersecurity and Infrastructure Security Agency to provide the federal government with leadership on AI security.
\n\u201cCISA can provide guidance to those who are implementing AI in federal agencies as far as what the security standards need to be to make sure that that AI is secure and that AI is not introducing a security threat in and of itself,\u201d he said.
\nMeanwhile, agency chief information security officers are also considering how they can use AI to improve cyber defenses. Adamski said CISOs will have to focus on both securing AI systems and harnessing AI for cybersecurity at the same time.
\n\u201cAI is becoming a genuine force multiplier for defense, especially in security operations where teams are overwhelmed and attackers move fast,\u201d she said. \u201cIt can improve detection, speed up investigation, enhance threat hunting, and help prioritize what matters most. In many environments, that kind of leverage is the difference between containing an incident quickly and getting buried by volume.\u201d
\nCISA 2015 reauthorization
\nWhile Congress typically doesn\u2019t move major pieces of legislation during an election year, the reauthorization of cybersecurity information sharing authorities remains a pressing priority when lawmakers return from their holiday recess.
\nThe Cybersecurity Information Sharing Act of 2015 lapsed on Oct. 1. Congress gave it a temporary revival as part of the continuing resolution to reopen the government, but the CISA 2015 authorities are set to expire again on Jan. 30.
\nReauthorizing the law has broad bipartisan support, including from the White House. But House Homeland Security Committee Chairman Andrew Garbarino (R-NY) has acknowledged the path to reauthorizing CISA 2015 remains murky at best.
\nIn the House, lawmakers have advanced Garbarino\u2019s bill, the Widespread Information Management for the Welfare of Infrastructure and Government Act (WIMWIG Act), through the committee. The bill\u00a0would extend CISA 2015 for another decade and provide key definitional updates.
\n\u201cOur colleagues in the Senate have different ideas. Some of them want to do a 10-year clean [reauthorization]. I don\u2019t know if I can get that passed in the House, with concerns from the Freedom Caucus,\u201d Garbarino said at an event hosted by Auburn University\u2019s McCrary Institute in December.]]><\/p>\n

Meanwhile, Senate Homeland Security and Governmental Affairs Committee Chairman Rand Paul (R-Ky.) also opposes a \u201cclean\u201d reauthorization due to his concerns about agencies working with social media companies on disinformation, which occurred under separate authorities from CISA 2015.
\n\u201cI don\u2019t know how it gets done on its own,\u201d Garbarino said. \u201cI feel like we have to attach it to another piece of legislation, whether that\u2019s government funding. But we need it passed and unfortunately I don\u2019t think we\u2019re close enough with the discussions on the Senate to figure out which bill will pass and what will get done.\u201d
\nThe upshot, Garbarino continued, is another possible short-term extension of CISA 2015.
\n\u201cWhich is unfortunate because we worked very hard to get our bill out of committee,\u201d he added. \u201cIt took a lot of requests or advice from the private sector on updates. So we love our piece of legislation that we got done. When you get the trial attorneys to not object to your bill giving liability protection, that\u2019s a pretty good thing.\u201d
\nCIRCIA rule
\nCISA the agency, meanwhile, is set to issue a landmark cyber incident reporting rule that will apply to vast swaths of the 16 U.S. critical infrastructure sectors.
\nCongress passed the Cyber Incident Reporting for Critical Infrastructure Act in 2022. The law generally requires critical infrastructure organizations \u2013 in sectors like energy, water and telecommunications \u2013 to report significant cyber incidents to CISA within 72 hours.
\nThe law represents the most far-reaching federal cybersecurity regulation ever passed by Congress.
\nIn 2024, CISA released a proposed rule to implement the law. At the time, the agency estimated the rule will apply to some 316,000 entities across the country.
\nIndustry has criticized the proposed rule for being overly broad and is also encouraging CISA to \u201charmonize\u201d the rule with many existing cyber incident reporting mandates.
\nThe Trump administration has delayed the release of the final rule until May 2026, providing CISA with more time to respond to those concerns.
\nCyber leader gaps
\nMeanwhile, CISA also heads into 2026 without a Senate-confirmed leader. Trump nominated Sean Plankey to serve as CISA director in March. But Plankey\u2019s nomination has been held up in the Senate for various reasons.
\nMost recently, Sen. Jacky Rosen (D-Nev.) has placed a hold on Plankey\u2019s nomination due to concerns about the Coast Guard\u2019s implementation of a new hate speech policy. Plankey has been serving as a senior advisor in the Coast Guard.
\nMeanwhile, the National Security Agency and U.S. Cyber Command is also still under acting leadership at the start of the new year.
\nThe dual-hat role of NSA director and CYBERCOM commander is a key cybersecurity post, especially with the Trump administration\u2019s emphasis on offensive cyber operations. The role had been held by Air Force Gen. Timothy Haugh, but Trump ousted Haugh in April, reportedly at the behest of far-right influencer Laura Loomer.
\nAccording to multiple reports, Trump now intends to nominate Army Lt. Gen. Joshua Rudd to lead the NSA and CYBERCOM.
\nAnd in Congress, Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) announced that he will not seek re-election in 2026, meaning he will retire effective January 2027. Peters has been one of the most influential members of Congress on cyber policy over the last decade.
\n Copyright
\n \u00a9\u00a02026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Five things to watch in cybersecurity for 2026 https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/01\/five-things-to-watch-in-cybersecurity-for-2026\/ Publish Date: 2026-01-02 13:29:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":174043,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2024\/08\/Cyber-threat.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24],"class_list":["post-174042","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174042"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=174042"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174042\/revisions"}],"predecessor-version":[{"id":174044,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174042\/revisions\/174044"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/174043"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=174042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=174042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=174042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}