The Cybersecurity and Infrastructure Security Agency (CISA) has replaced its acting director after what TechCrunch calls "a bumbling year on the job."

That's unusually blunt language for a trade publication covering a government agency. It also happens to be accurate.

The agency responsible for protecting America's critical infrastructure from cyber threats has spent the past year lurching from one misstep to another. Delayed alerts, missed briefings, botched communications during active incidents - the kind of operational failures that would get you fired from a startup, let alone a federal agency.

CISA's job is to be the central nervous system for cybersecurity in the U.S. When a major vulnerability drops, they're supposed to coordinate the response. When critical infrastructure gets hit, they're supposed to have a plan. This past year, they've done neither particularly well.

Here's what worries me: CISA was created specifically because previous approaches to cybersecurity coordination weren't working. It was supposed to be the solution. If the solution itself is failing, we're back to square one - except now adversaries are more sophisticated and the stakes are higher.

The new director inherits an agency that desperately needs to rebuild credibility with the private sector. Tech companies share threat intelligence with CISA when they trust the agency to handle it properly. That trust evaporated over the past year.

I've worked with government cybersecurity initiatives. The people on the ground are usually competent and dedicated. The problem is almost always leadership and bureaucracy. Replacing the director might help. But if the underlying structural issues aren't addressed, we'll be having this same conversation in another year.

The technology to protect critical infrastructure exists. The question is whether we have the institutional competence to deploy it.