The U.S. House Committee on Homeland Security held an oversight hearing titled Oversight of the Department of Homeland Security: CISA, TSA, S&T, examining how civilian and government networks, transportation systems, and critical infrastructure are confronting an increasingly complex and dangerous threat environment.
Witnesses at the hearing included Madhu Gottumukkala, acting director of the CISA (Cybersecurity and Infrastructure Security Agency); Ha Nguyen McNeill, senior official performing the duties of the administrator at the Transportation Security Administration; and Pedro Allende, under secretary for the Science and Technology Directorate. They focused on the pressures created by sophisticated adversaries, emerging technologies, expiring federal authorities, and persistent bureaucratic inefficiencies.
“Over the past two decades, threats facing our nation’s aviation, transportation, and critical infrastructure have only risen,” Andrew R. Garbarino, a New York Republican and chairman of the House Committee on Homeland Security, said in his opening statement. “Today’s risks are far more diverse, complex, and technologically advanced, and the motivations and methods of our adversaries have shifted rapidly with emerging technologies.”
Recognizing that traditional terror tactics have given way to more sophisticated methods of attack, Garbarino mentioned that “Cybersecurity is now at the forefront of these conversations, with adversaries attempting to take down our transportation systems through digital means. Similarly, the potential for coordinated attacks using drones to disrupt flights or deliver explosives represents a new, and growing, frontier of security threats.”
He also noted that rapid advances in emerging technologies, including AI, are further accelerating the scale, speed, and sophistication of these cyber operations.
“In cyberspace, the United States is operating in a highly contested environment,” Garbarino identified. “Congress created CISA to serve as the Nation’s lead civilian cyber defense agency to meet this reality. CISA’s responsibilities include securing federal civilian networks, supporting owners and operators of critical infrastructure, and coordinating with the private sector to reduce systemic cyber risk. That mission has grown more consequential as adversaries become more capable, patient, and willing to operate inside U.S. networks for extended periods of time.”
He highlighted that the Committee supports the administration’s goal of aligning Department resources toward urgent homeland security priorities, while at the same time, workforce continuity, clear leadership, and mission readiness are essential to effective cyber defense. “The professionals at CISA are some of the most experienced cybersecurity experts in the federal government, and preserving that expertise must remain a priority.”
For industrial operators and OT security leaders, the Homeland Security hearing is more than a policy check-in; it is a clear signal of where federal cyber and infrastructure protection is heading. The discussion around CISA’s mission-first reset, its focus on protecting pipelines, financial systems, and other critical assets, and its push to close cyber-physical risk gaps speaks directly to the realities facing industrial environments, where digital compromise can trigger physical disruption, safety incidents, and prolonged downtime. The emphasis on emerging threats such as AI-driven attacks, long-dwell intrusions, and drone-enabled disruption mirrors the evolving threat model confronting OT networks.
At the same time, developments around CIRCIA (Cyber Incident Reporting and Critical Infrastructure Act of 2022) rulemaking, emergency directives, endpoint detection and response expansion, and workforce rebalancing point to tighter regulatory expectations, heavier reporting obligations, and deeper federal involvement in how industrial cybersecurity is governed and operationalized. The hearing offers a forward-looking view of how compliance pressure, federal-industry coordination, and resilience requirements are likely to intensify for critical infrastructure owners and operators.
Underlining the CISA’s priorities to protect the nation’s critical infrastructure from cyber and physical threats, Gottumukkala mentioned in his written testimony that his agency’s “work today is squarely aligned with the agency’s original statutory purpose. That means working with government and private sector partners to protect our financial systems, safeguard our pipelines, and ensure the digital and physical systems our nation depends on to remain resilient against disruption from possible cyberattacks.”
He outlined that the CISA will reinvigorate its mission-first approach and will be launching targeted initiatives designed to close the most pressing risk gaps facing critical infrastructure – particularly where cyber threats intersect with real-world consequences. “These efforts are intentionally scoped, operationally focused, and aligned with the Trump Administration’s broader goals and priorities of efficiency, accountability, and impact. We are prioritizing what works from previous lessons learned, eliminating duplication, and ensuring every new service or product we release directly advances CISA’s statutory mission and responsibilities.”
Over the past year, CISA has focused its work on efforts aligned with the agency’s statutory priorities. These have included reinforcing federal civilian network defense, supporting critical infrastructure nationwide in defending against physical and cyber threats, and delivering security directly to state and local governments by offering an array of no-cost resources and tools such as technical assistance, exercises, and cybersecurity assessments. The agency has also continued to share threat information and mitigation guidance in a faster, more integrated way.
Gottumukkala said that the CISA is leading the fight against malign actors. “We strengthened our operational capabilities to detect and to respond to cyber threats, deepened collaboration across government and industry, and continued to provide guidance to the critical infrastructure community to reduce vulnerabilities and systemic risk across our nation’s most critical systems and functions as malign actors seek to exploit our Nation’s vulnerabilities.”
“Under the Trump Administration, CISA is focused on our number one priority: protecting and defending the American people,” according to Gottumukkala. “CISA’s work has reduced the impact of cyber incidents and helped to ensure that Americans could continue to use the critical infrastructure functions they rely on. The agency also continues to share threat and incident reports, coordinate intelligence across the Federal Government, and partner through structured meetings and threat briefings to strengthen resilience nationwide.”
He added that as the operational lead for federal cybersecurity, and as part of its mission to protect and defend federal civilian networks, CISA strengthened its work with each department and agency to promote the adoption of risk-based common policies and best practices to respond to the ‘ever-evolving’ threat landscape.
Gottumukkala noted that Kristi Noem, the Secretary of the Department of Homeland Security (DHS), recognizes that cybersecurity is national security, and in 2025, under her leadership, CISA issued three emergency directives to protect federal networks from critical vulnerabilities and cyber threats. He also detailed that the CISA scaled its Endpoint Detection and Response (EDR) technology, giving analysts near real-time visibility to detect and stop advanced threats.
He mentioned that the agency is “currently reviewing public comments on the proposed rule for the Cyber Incident Reporting and Critical Infrastructure Act of 2022, or CIRCIA. CISA appreciates the input it received from Congress and the public about aligning with Congressional intent and streamlining the CIRCIA requirements. CISA is also cognizant of the concerns raised regarding the scope and burden of the rule and improving harmonization of CIRCIA with other federal cyber incident reporting requirements. CISA is considering this feedback as it works to issue a final rule. I look forward to continuing to engage with Congress on these efforts and providing updates as the final rule process nears its completion.”
“In 2026, CISA will continue to right-size and rebalance its workforce by prioritizing highly technical professionals in mission-critical roles, including cybersecurity operators and infrastructure security experts,” according to Gottumukkala. “These targeted positions will support frontline critical infrastructure owners and operators across every region in the United States in reducing their long-term risks. We will execute our hiring authorities while remaining consistent with the Administration’s efforts to streamline the government workforce, control cost, and maximize return.”
