The U.S. House Committee on Homeland Security convened a hearing to review the Department of Homeland Security’s (DHS) proposed budget for Fiscal Year (FY) 2026, featuring testimony from DHS Secretary Kristi Noem. She delivered her testimony as lawmakers voiced alarm over escalating cyber threats, particularly from China, and potential vulnerabilities in national infrastructure.
“Most notably, malicious cyber actors associated with the Chinese government have targeted us with some of the most sophisticated and sustained hacking operations we have ever seen,” Mark E. Green, a Republican representative from Tennessee and House Committee on Homeland Security chairman, said in his opening remarks at the DHS budget hearing with Secretary Noem. “The Salt and Volt Typhoon intrusions revealed significant gaps in our cybersecurity posture, compromising Americans’ private data and key sectors of our critical infrastructure.”
He added, “We have not forgotten devastating incidents like the Colonial Pipeline attack in the spring of 2021, which led to oil and gas shortages across the country and lines at almost every gas station. We cannot stay ahead of these evolving cyber threats if we do not have the right people with the right skills to defend our nation.”
Green highlighted that over 500,000 cybersecurity positions across this country, in both the public and private sectors, are currently unfilled. “That’s half a million cyber professionals not on the frontlines to defend us from the malicious activity jeopardizing our national security.”
He added, “That’s why I introduced the Cyber PIVOTT Act, which would create an ROTC-style scholarship program enabling men and women across this country to gain hands-on experience in cybersecurity or related fields in exchange for a period of required government service, across any level of government.”
Earlier this year, the Committee favorably reported the Act to the House. Democrat Senator Gary Peters, ranking member of the Homeland Security and Governmental Affairs Committee, and Senator Mike Rounds, chairman of the Senate Armed Services Committee’s Subcommittee on Cybersecurity, introduced companion legislation.
DHS stresses on need for unified cyber defense strategy
Noem mentioned in her written testimony a dramatic increase in cyber operations to prevent threats and address vulnerabilities within the federal government. “This effort goes hand-in-hand with our critical infrastructure efforts, as China and other nation-states are often leveraging the same tools and tactics to weaken and spy on the U.S. Our unique authorities and positioning between the Intelligence Community, law enforcement, industry, and international partners is critical to understanding cyber adversary intent and applying critical protections domestically.”
She recognized that the threat landscape targeting the U.S. homeland through cyberspace is evolving at an unprecedented pace. The Cybersecurity and Infrastructure Security Agency (CISA) continues to proactively address this dynamic environment, working to prevent cyberattacks launched by foreign adversaries and cybercriminals. These attacks are increasing in frequency, scope, and severity, as evidenced by the recent cyber espionage campaign attributed to the threat actor known as Salt Typhoon. The campaign compromised the private communications of several high-profile individuals, underscoring the persistent intent of malicious actors to undermine national security.
Noem added, “Every day, the Department of Homeland Security works with government, industry, and international partners to prevent, detect, and respond to cyber intrusions to U.S. critical infrastructure.”
Cuts to CISA funding raise alarms
The U.S. Office of Management and Budget (OMB) submitted President Donald Trump’s topline discretionary budget request for fiscal year 2026 to Congress earlier this month. The administration has proposed a budget that reduces funding for the CISA by approximately US$491 million, which could significantly reduce the agency’s capacity to support cybersecurity initiatives, including those that protect operational technology (OT) and critical infrastructure. The proposed budget also seeks to refocus FEMA on core emergency management by cutting programs viewed as wasteful, ideologically driven, or duplicative.
The administration also claims that CISA has drifted from its primary cybersecurity mission, focusing instead on content moderation and public relations. This alleged shift may have contributed to mismanagement and increased risk to U.S. critical systems, including those that rely on industrial control systems (ICS) and SCADA networks.
Additionally, the proposed 2026 budget aims to realign CISA’s priorities toward core cybersecurity functions, particularly when it comes to the protection of national critical infrastructure. The budget reduction could undermine collaborative efforts between CISA, the DHS, academic institutions, and private sector operators of critical infrastructure.
Earlier this month, members of the U.S. House Committee on Homeland Security reached out to Noem, requesting a comprehensive threat assessment concerning the People’s Republic of China’s (PRC) expanding intelligence and security collaboration with the Republic of Cuba (Cuba). At least four PRC-linked signals intelligence facilities have been established in Cuba, just 90 miles off the coast of Florida.
