CISA Names Acting Head of National Risk Management Center to Permanent Role

The Cybersecurity and Infrastructure Security Agency announced on Friday that it has selected Mona Harrington to serve as the permanent assistant director of the agency’s National Risk Management Center, or NRMC.

Harrington, who joined CISA in February 2022 as the NRMC’s deputy assistant director, has been serving as the center’s acting assistant director and chief since March. The NRMC is responsible for CISA’s collaborative risk management efforts when it comes to defending against cyber and physical threats to critical infrastructure, and also houses the agency’s election security team. 

“It’s an honor to be leading the NRMC at such an exciting time," Harrington said in a statement. "Our analysis and insights drive visibility into infrastructure risks that benefit both the private and public sectors, enabling prioritized and coordinated risk mitigation planning. I’m excited to work with the great NRMC team and our partners across government and industry to drive down risk to our critical infrastructure.”

In a statement announcing Harrington’s appointment, CISA Director Jen Easterly said she was thrilled to have Harrington helming the agency’s center on a permanent basis. 

“Her extensive experience in cybersecurity, election security and risk management make her the ideal executive to lead the NRMC as it evolves to meet the threats of today and tomorrow,” Easterly said. “The cyber and physical risks facing our nation’s critical infrastructure are vast and complex; NRMC’s work is essential to ensuring our collective resources are having the greatest impact on security and resilience.” 

Prior to joining CISA earlier this year, Harrington served as the executive director and the chief information and security officer at the Election Assistance Commission. As the EAC’s executive director, Harrington worked closely with CISA on initiatives related to election infrastructure security. Harrington also spent 17 years in various cybersecurity and information technology leadership roles in the judiciary system, where she oversaw multiple teams responsible for protecting data, software and systems. 

Bob Kolasky, who helped establish the NRMC in 2018 and previously served as the NRMC’s assistant director before leaving for a job in the private sector in March, told Nextgov that Harrington “has the right combination of technical expertise in cyber and critical infrastructure risk management, leadership experience and understanding of complex stakeholder environments to thrive” in her now-permanent role. 

“The job requires someone who is willing to listen to partners and use feedback to develop innovative approaches to risk analysis and management,” Kolasky said. “Mona is well suited to do that.” 

Nextgov Senior Correspondent Mariam Baksh contributed to this story.