Six career employees at the Cybersecurity and Infrastructure Security Agency (CISA) were placed on paid administrative leave this summer after organizing a polygraph test that Acting Director Madhu Gottumukkala reportedly failed. The Department of Homeland Security (DHS) launched an investigation into whether staff provided false justification for the test, which followed Gottumukkala’s request for access to highly sensitive cyber intelligence.
Interviews with current and former U.S. cybersecurity officials reveal growing concern over the incident and its fallout, which had not been previously reported. Career staff and former Trump administration appointees described widespread frustration, citing leadership failures and fear of retaliation. Several officials said the episode raised serious questions about accountability at the nearly $3 billion cyber defense agency.
DHS disputed claims that Gottumukkala failed an official polygraph, stating the test was unsanctioned and improperly arranged by staff without leadership approval. Agency spokesperson Tricia McLaughlin said the employees were suspended pending the investigation and emphasized that Gottumukkala retains full support from DHS leadership.
Ongoing leadership uncertainty has intensified tensions at CISA. The agency has faced significant staffing losses, budget cuts, and the absence of a Senate-confirmed director since January. With Trump’s nominee still awaiting confirmation, Gottumukkala may continue leading the agency, a prospect that several cybersecurity officials say raises concerns about judgment and stability during a critical period for U.S. cyber defense.
Read More: Russia Denies Advancements in Ukraine Peace Negotiations
The polygraph incident
Gottumukkala failed a polygraph test in late July, according to multiple current and former officials. The test was conducted to determine whether he could access one of the most sensitive intelligence programs shared with CISA by another intelligence agency.
That intelligence was classified as a controlled access program, restricting distribution to personnel with a verified need-to-know and requiring a counterintelligence polygraph before access. While most CISA employees never handle such material, polygraphs are widely used across the U.S. intelligence community to protect highly classified information and, more recently, to identify potential leaks.
Senior officials questioned whether Gottumukkala needed access to the program, noting that even prior deputy directors had not reviewed it. An initial request submitted by mid-level staff was denied in early June due to limited authorized slots and a lack of urgency. A Senate-confirmed director traditionally makes access decisions for the program.
After the senior official who denied the request was placed on administrative leave for unrelated reasons, a second request—signed by Gottumukkala—was approved in early July. Officials said he declined advice from trusted aides and was warned that previous CISA leaders had avoided the polygraph because the access was not essential to their roles. Less-classified intelligence was available without testing, yet Gottumukkala continued to pursue full access.
Several officials said Gottumukkala expressed confidence he would pass the polygraph and later claimed he acted on staff guidance. Others dismissed DHS claims that the test was unsanctioned, arguing that senior leaders must ultimately approve such requests themselves.
The aftermath
Officials interviewed said they could not definitively explain why Gottumukkala did not pass the July polygraph, noting that such tests can be affected by anxiety or technical issues and are generally considered unreliable as legal evidence.
Days after the examination, DHS moved to discipline career staff involved in arranging the test. On Aug. 1, at least six employees received letters temporarily suspending their access to classified information for allegedly providing false or misleading guidance about the polygraph requirement. The letters cited concerns about judgment, reliability, and adherence to security protocols.
Three days later, those staff members were placed on paid administrative leave pending an investigation. The affected employees included senior and junior officials across CISA’s security, leadership, and intelligence divisions. None responded to requests for comment.
The DHS acting general counsel is overseeing the investigation, a common approach for politically sensitive cases involving tensions between career staff and political leadership, according to former DHS general counsel Stewart Baker.
Officials said it remains unclear whether Gottumukkala informed senior leadership that he had been advised access to the classified program was unnecessary or that he personally approved a second access request. Some DHS officials reportedly argued he could have sought a waiver to avoid the polygraph, an uncommon option that career staff may not have known existed.
Several officials criticized DHS for targeting staff who carried out the acting director’s instructions. “He ultimately chose to take the polygraph,” one official said. “There is only one person responsible for that decision.”
Sources also said it is unclear whether DHS reviewed Gottumukkala’s conduct following the failed test, raising concerns given CISA’s access to highly sensitive data of interest to foreign adversaries and cybercriminals.
Frequently Asked Questions
Who is Madhu Gottumukkala?
Madhu Gottumukkala is the acting director of the Cybersecurity and Infrastructure Security Agency (CISA).
Why was a polygraph test conducted?
The polygraph was required to determine eligibility to access a highly sensitive, controlled intelligence program.
Did Gottumukkala officially fail the polygraph?
Multiple officials say he did, though DHS disputes that he failed a sanctioned polygraph.
Why were CISA staff placed on leave?
DHS alleges staff misled leadership about the need for a polygraph, prompting an internal investigation.
How many employees were affected?
At least six career CISA employees were suspended and later placed on paid administrative leave.
Are polygraph tests legally reliable?
Polygraph results are generally not admissible in U.S. courts due to reliability concerns.
Why does this incident matter for CISA?
The episode raises questions about leadership judgment, accountability, and security at a critical U.S. cyber defense agency.
Conclusion
The polygraph controversy has exposed deeper leadership and accountability challenges within CISA amid heightened cybersecurity risk. While the circumstances surrounding the failed test remain disputed, the decision to discipline career staff who carried out leadership directives has intensified internal tensions and raised concerns about governance and judgment.
