Why It Matters
The House Armed Services Subcommittee on Cyber, Information Technologies, and Innovation convened on April 21 for a congressional hearing roundup on the Pentagon’s cyber readiness, where two newly installed defense officials defended an aggressive operational tempo while Democrats pressed on whether DOGE-driven workforce cuts have undermined the very force they are describing. The tension was clear: witnesses touted 8,000-plus missions in 2025 while the Pentagon’s own internal documentation has warned of “extreme risk for loss of service” at a critical Defense Department IT agency.
The Trump administration’s posture is broadly aligned with the hearing’s thrust. President Trump released a Cyber Strategy for America in March 2026 calling for AI-powered cyber defenses and offensive action against adversaries. But the administration’s simultaneous embrace of DOGE-led personnel reductions at the Defense Information Systems Agency creates a friction point that Democrats have been eager to exploit.
The Big Picture
This hearing is part of an annual oversight cycle. The subcommittee held a nearly identical posture review in May 2025, and the April 2026 session arrives at a moment of unusually high operational tempo. U.S. Cyber Command has been actively supporting Operation Epic Fury in Iran and Operation Absolute Resolve in Venezuela, making this one of the first public congressional assessments of cyber’s role in those active conflicts.
The hearing also lands as the House has yet to act on the Senate-passed FY2026 National Defense Authorization Act, which contains significant cyber restructuring provisions. Chair Rep. Don Bacon (R-NE) has championed a provision requiring evaluation of cyber posture in the Indo-Pacific, making this witness testimony a direct input into NDAA markup.
The Pentagon’s own Inspector General flagged cyber operations as a top institutional vulnerability in its FY2026 Management Challenges report, providing bipartisan justification for the oversight. A new DOD Cyber Strategy was also described as imminent in recent reporting, giving the subcommittee an opportunity to shape the document before finalization.
Congressional Hearing Roundup: What They’re Saying
The two witnesses, Katherine Sutton, Assistant Secretary of Defense for Cyber Policy, and Gen. Joshua Rudd, Commander of U.S. Cyber Command, presented a unified front on the strategic picture while fielding pointed questions on workforce and organizational structure.
Sutton, only the second Senate-confirmed official to hold her role, framed the threat in stark terms:
- “Our adversaries have moved beyond theft and are prepositioning disruptive capabilities inside our nation’s critical infrastructure.”
- “A purely defensive posture is no longer sufficient.”
Rudd, confirmed by the Senate 71-29 in March after scrutiny over his lack of prior cybersecurity leadership experience, anchored his case in operational output:
- “In 2025 alone, we executed more than 8,000 missions, an increase of over 25% compared to 2024.”
The tone throughout was notably collegial. No gaveling, no interruptions. But the substance revealed real gaps. When Rep. Ro Khanna (D-CA), the subcommittee’s Ranking Member, asked Rudd whether AI was used in a shooting incident in Iran, Rudd deflected: “I don’t know that I have any information related to that and defer to Honorable Sutton.” Sutton, in turn, told the committee she was “not tracking the specifics of that” and would respond in writing. The exchange illustrated the limits of what the witnesses were prepared to address in open session.
Rudd also acknowledged structural tensions within the force. When pressed on whether individual military services are prioritizing cyber adequately, he was direct: “I believe that some of the issues that are confronting CyberCom are not just a CyberCom issue. They are coming from how our services, our individual services, are prioritizing cyber forces among their other requirements.”
Political Stakes
For Rudd, this hearing was one of his first major public congressional testimonies since taking command in March. His confirmation drew a notable 29 no-votes, partly because, as Politico reported, he had held “none” of the cybersecurity leadership positions typically associated with the dual-hat NSA/CYBERCOM role. His testimony here, citing 8,000-plus missions and active combat support, was a direct effort to establish operational credibility with the House.
For Sutton, the stakes involve defending the administration’s cyber strategy while navigating questions about DOGE. Her office oversees the Pentagon’s cyber policies, which now include Cyber Command 2.0, a reform initiative she described as “the most comprehensive transformation of our cyber force since its inception.” She also confirmed the Department is supporting a National Academies independent study on whether to establish a separate cyber service branch, a question several members pressed.
For the American public, the stakes involve whether the military’s cyber readiness has been compromised during a period of active operations. The Defense Information Systems Agency, which maintains secure channels connecting the Pentagon to military assets worldwide, has seen its workforce hollowed out by DOGE-related personnel incentives, according to internal Pentagon contracting memos reported by The Intercept.
Witness Testimony Roundup: The Other Side
The witnesses pushed back on the framing that the force is degraded. Rudd argued that Cyber Command 2.0 represents a deliberate shift from quantity to quality: “Instead of continuing to just grow the numbers of the force, to work on building the mastery of the force so that the capabilities of the people that we have are deeper and have that longer time on keyboard.” Sutton echoed that recruitment depends less on pay competition with the private sector and more on mission: “One of the most compelling things to recruiting and retaining our force is our mission.”
Still, both witnesses acknowledged that roughly 80 to 90 percent of the cyber mission force is uniformed personnel, and that the reserve component represents, in Sutton’s words, “a nut we just haven’t fully cracked yet.” Rudd went further, suggesting the Department may be “some of our own impediments” when it comes to creative civilian and contractor recruitment.
What’s Next
The subcommittee’s hearing record feeds directly into House NDAA markup, where Bacon’s Indo-Pacific cyber posture provision is already in play. The Pentagon faces a June 1, 2026 deadline to standardize cybersecurity requirements across the defense industrial base, and must report cybersecurity gaps to Congress by August 31. Several witnesses promised written follow-up responses on specific timelines and implementation details, which will become part of the formal record.
The Bottom Line
The Pentagon’s top cyber officials arrived with strong operational numbers and a reform agenda, but left questions about DOGE’s impact on readiness unanswered in open session, a gap that Democrats and some Republicans will likely press in classified briefings ahead of the NDAA vote.
Access the Legis1 platform for comprehensive political news, data, and insights.
