National Security Agency Appoints New Deputy Director

Plus new cybersecurity laws proposed to bolster U.S. energy infrastructure; and more

Good morning! Welcome to the Daily Update from Cybersecurity Docket, our new daily newsletter covering what is going on in the area of incident response, AI, ransomware and more.

Here’s what’s up.

People

Fiona Phillips has joined Marks & Clerk as a partner, where she will lead the development of the firm’s new AI and cyber security legal and advisory team.

Clips ✂️

National Security Agency Announces Mr. Tim Kosiba as Next NSA Deputy Director

Today, the National Security Agency (NSA) announced that Secretary of War Pete Hegseth and Director of National Intelligence Tulsi Gabbard have designated, and President Donald J. Trump has approved, Mr. Timothy Kosiba to serve as NSA's 21st Deputy Director.

As the senior civilian leader of the agency, Mr. Kosiba will oversee strategy execution, establish policy, guide operations, and manage the senior civilian leadership. As an agency deputy in the U.S. national security system, he will support the U.S. defense and intelligence enterprise in the formulation of national security policies, and position NSA as an integrated mission partner enabling U.S. decisive advantage and security against foreign threats.

by NSA

👉The NSA has been without a deputy director since April 2025, following the dismissal of former Deputy Director Wendy Noble.

Committee pushes bills to bolster DOE cybersecurity efforts

Lawmakers on the House Energy and Commerce Committee will weigh legislation this week that would reauthorize key cybersecurity programs at the Department of Energy and establish new initiatives aimed at protecting U.S. energy infrastructure.

The hearing will provide a forum for lawmakers to evaluate bills that strengthen collaboration between the federal government and the private sector, improve detection of cyber threats, and bolster physical security, according to full committee Chair Brett Guthrie (R-Ky.) and Energy Subcommittee Chair Bob Latta (R-Ohio).

“Right now, the energy infrastructure in the United States faces numerous cyber and physical threats from sophisticated nation-state actors as well as criminals or ideologically driven hackers,” Guthrie and Latta said in a statement.

by E&E News

Announcing the National Security Division Association

The NSDA is a new membership organization for current and former employees of the National Security Division. ​ ​ ​

Our goal is to build and foster a community of current and former employees of the National Security Division dedicated to supporting the mission of the National Security Division and its workforce. The NSDA is a non-partisan, non-profit organization. […]

We facilitate the exchange of information about the work of NSD, support the division’s current and former workforce, and provide opportunities to promote NSD’s mission. As a non-partisan organization, we do not take public positions on matters of public concern. We operate as a non-profit organization solely for charitable and educational purposes.

by National Security Division Association

👉 On his LinkedIn, David Newman posted this weekend about a newly-created non-partisan, non-profit organization for current and former employees of the DOJ’s National Security Division. ​The organization is off to a strong start with a rock star group of Board members: Matt Olsen (Board Chair); Ken Wainstein, Pat Rowan, David Kris, John Carlin, Lisa Monaco, and John Demers.

Cyber risk in 2026: What executives must know about AI, fraud, geopolitics and more

Rapid technological change, geopolitical volatility and widening capability gaps are reshaping the cyber landscape, transforming it into a catalyst for progress and vector of profound risk, according to the World Economic Forum's Global Cybersecurity Outlook 2026.

“The result is a fast-paced, metamorphic landscape,” the report states, adding that “cybersecurity is a frontier where collaboration remains not only possible, but powerful.”

The report, released ahead of the Forum's Annual Meeting in Davos, Switzerland, draws on a survey of C-Suite executives and industry experts, identifying the various trends influencing the cyberspace.

by World Economic Forum

UK revamps Cyber Action Plan, launches Government Cyber Unit in £210m push to secure public services

The U.K. has rebooted its Cyber Action Plan, backed by UK£210 million in funding to strengthen cyber resilience across government. Led by a new Government Cyber Unit, the plan targets rising cyber threats by accelerating improvements to how public sector systems are secured, aiming to ensure citizens can access essential services such as benefits, tax systems, and healthcare with greater confidence.

The new plan aims to rapidly strengthen cyber defences and digital resilience across government departments and the wider public sector, reinforcing public trust that data and essential services are protected. The strategy underpins the U.K. government’s push to digitize public services, expanding online access, cutting time lost to phone queues and paperwork, and allowing citizens to receive support without repeatedly sharing the same information across departments. If delivered effectively, this approach could unlock up to £45 billion in productivity savings through the smarter use of technology across the public sector.

by Industrial Cyber

Researchers rush to warn defenders of max-severity defect in n8n

Researchers warn that a critical vulnerability in n8n, an automation platform that allows organizations to integrate AI agents, workflows and hundreds of other enterprise services, could be exploited by attackers to achieve full control of targeted networks.

The maximum-severity vulnerability — CVE-2026-21858 — affects about 100,000 servers globally, according to Cyera, which initially discovered and reported the defect to n8n on Nov. 9. Developers responsible for the widely used platform released a patch for the vulnerability on Nov. 18, but didn’t publicly disclose or assign the vulnerability a CVE until Wednesday.

“The risk is massive,” Dor Attias, security researcher at Cyera Research Labs, told CyberScoop. “n8n sits at the heart of enterprise automation infrastructure. Gaining control of n8n means gaining access to your secrets, customer data, CI/CD pipelines and more.”

by CyberScoop

NIST Publishes Preliminary Draft of Cybersecurity Framework Profile for Artificial Intelligence for Public Comment

On December 16, 2025, the U.S. National Institute of Standards and Technology (“NIST”) published a preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (“Cyber AI Profile” or “Profile”).  According to the draft, the Cyber AI Profile is intended to “provide guidelines for managing cybersecurity risk related to AI systems [and] identify[] opportunities for using AI to enhance cybersecurity capabilities.”  The draft Profile uses the existing voluntary NIST Cybersecurity Framework (“CSF”) 2.0 — which “provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks” — and overlays three AI Focus Areas (Secure, Detect, Thwart) on top of the CSF’s outcomes (Functions, Categories, and Subcategories) to suggest considerations for organizations to prioritize when securing AI implementations, using AI to enhance cybersecurity defenses, or defending against adversarial uses of AI.

…  

For entities or stakeholders that might be interested in offering feedback on the preliminary draft, NIST is planning to host a workshop on January 14, 2026, to discuss the draft.  The Profile is also open for comment until January 30, 2026. 

by Global Policy Watch

X