HSDF THE PODCAST
The Homeland Security and Defense Forum proudly presents HSDF THE PODCAST, an engaging series of policy discussions with senior government and industry experts on technology and innovation in government. HSDF THE PODCAST looks at how emerging technology - such as Artificial Intelligence, cloud computing, 5G, and cybersecurity - is being used to support government missions and secure U.S. national interests.
Congressional Cyber Priorities: Budget, Policy, Coordination Part 2 of 2
Welcome to “HSDF THE PODCAST,” a collection of policy discussions on government technology and homeland security brought to you by the Homeland Security and Defense Forum.
In this episode, we pull back the curtain on the complex world of cybersecurity oversight, revealing the delicate balance between streamlining CISA's operations and preserving its essential capabilities. This candid conversation offers a rare glimpse into how Congress shapes America's digital defense strategy during a time of escalating threats.
Featuring:
- Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection
- Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection
- Nick Leiserson, Senior VP, Policy, Institute for Security & Technology (moderator)
This discussion took place July 23rd, 2025, at HSDF’s Cybersecurity Symposium, Navigating Cybersecurity Strategies in a Volatile World.
Follow HSDF THE PODCAST and never miss the latest insider talk on government technology, innovation, and security. Visit the HSDF YouTube channel to view hours of insightful policy discussion. For more information about the Homeland Security & Defense Forum (HSDF), visit hsdf.org.
One of the things, Alexandra, that Moira mentioned is appreciating the need to streamline, and that, I think, is language that I've also heard from both Chairman Green and Garbarino of saying there maybe needs to be some refocusing and in general, there's some alignment with what the administration wants to do on some of CISA's mission. At the same time, I think I've heard from both of the chairmen that you don't want to cut into muscle, right? Like, you want to ensure that there are core capabilities there. As you look at how the administration in its first seven months is approaching these problems, what's kind of on your mind from an oversight perspective and how you walk the line of saying, yes, we need to streamline, but we also need to maintain core capabilities?
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: Yeah, I think it's an important question, and one thing I do want to say is that Chairman Garbarino has always been a big advocate for CISA. I think he wants to see CISA be successful and to work well, and so I think this oversight function is very important. We want to make sure that they are set up for success. It's something from the committee perspective that we've realized for a while that CISA grew pretty quickly in authorities and resources, and so it's been on our minds even prior to this administration of something we needed to look at to make sure that they were really being effective. So when you call CISA, they're able to respond, they have the right resources, they have the tools, they have the people. So I think that this assessment was due for us to take a look. I think we're very hopeful that Sean Plankey can get confirmed. He has his hearing tomorrow and that will help provide some direction for the way forward for CISA.
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: From a committee perspective, I think just a couple areas that we have been looking at actually predominantly is looking at CISA's dual role as a sector risk management agency for eight of the 16 critical infrastructure sectors and as the national coordinator for sector risk management agencies.
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: I think, from our perspective, that is a really key role that they play, one that can't be filled by any other government agency, and so it's somewhere where we want to make sure that they are able to fully perform their duties in each of those sectors.
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: One area that we have at least started with is, on the communication sector, in light of Salt Typhoon, making sure that they are fully performing that role. We know that sector-specific plans have not been updated since 2015. So I think those are some areas we want to make sure they're set up for success and then, in line with even looking at CISA 2015 reauthorization, this is a really important part in feeding into CISA's role as national coordinator of sector risk management agencies. We want them to be able to proactively share information, to be tracking trends, to provide that needed analysis to critical infrastructure owners and operators so that they can protect their networks. Also, we know that critical infrastructure owners and operators, some sectors are just more mature than others. They're very vulnerable. We want to make sure that they are getting the support that they need, especially small to medium-sized businesses, those that are located in rural areas, and CISA can play a really important role with the services and the technical assistance that they provide.
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: So I think those are some areas. Coming back to the core missions of cybersecurity and, oh, I shouldn't forget their role for protecting federal civilian executive branch networks. We want them to protect the .gov, we want to make sure that some of those key services that they provide to protect our federal civilian networks are strong. So I think it's time to take a look and make sure that those programs are heading in the right direction and that critical infrastructure protection remains a strong mission for CISA.
Nick Leiserson, Senior VP, Policy, Institute for Security & Technology (moderator): Yeah, and I mean I will say, since, you know, you guys should not be patting yourselves on the backs, I'll do it. This is a core function that the Committee on Homeland Security is uniquely able to perform in the Hill. Jurisdiction in cyber is a mess. It's a complete mess. It's something that, you know, I penned a letter with my boss every year to the Rules Committee saying please fix this problem. It's been a priority of several chairmen going back and for Ranking Member Thompson of trying to consolidate this.
Nick Leiserson, Senior VP, Policy, Institute for Security & Technology (moderator): But the holistic view that you all talk about in terms of how you look at across sectors is vital, and this is the only place on the Hill where this is really happening.
Nick Leiserson, Senior VP, Policy, Institute for Security & Technology (moderator): So, you know, I think people should realize that it is really, really hard when you look at all of the different sector risk management agencies, the different committees that they report up to, and we're lucky to have folks like you and Moira who are able to help look at this problem holistically. Not that I have scars from these fights at all. So, Moira, last couple of questions here and then we're going to get some from the audience. But one thing that I think is on lots of people who are in this space's mind right now is SharePoint, right? Another, I'm getting flashbacks to 2021, Exchange Server, people exploiting at scale and then potentially saying, even if you've patched, you still got to look, you still got to change basically out as much of your cryptographic keys as possible because people are just looking to exploit and put back doors in. What's that looking like from a response standpoint right now, from where you all sit and again conducting your oversight role in Congress?
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: Yeah, it's giving me flashbacks as well. I'm like, not in a good way. So I'll make a couple of points on this. So, from a CISA response perspective, we did get notices from CISA proactively that they were working with Microsoft in response to this incident. What is different about their response right now from five years or four years ago is in the past, when there was a major cyber incident like SharePoint, CISA would have convened a congressional call. They would have convened calls with stakeholders. They would have pushed out information in a really, I think, proactive way.
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: I'm sure that CISA did not have fun on the calls with congressional staff. That wasn't our goal, but they haven't happened and I have asked for them and I'm concerned that those kinds of calls don't seem to be happening. I don't know why they're not happening. I don't know if it's a staffing issue, I don't know if it's a transition issue. I'm not sure why it's not happening, but in the past there would have been convened a call that would have included our committee, um, and several other national security committees that would, and they would have walked us through what the incident was, what, especially when there wasn't a patch initially, but, um, they would have walked us through what the incident was, how the exploit occurs, the kinds of, the kinds of victims, not without, without being specific, but they would have given us an idea of the kinds of victims that they were seeing, how they were supporting Microsoft and then how they were supporting the victim entities and then how they were pushing information out to other potential victims and how to identify the activity on their networks.
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: And I think they're still doing some of that.
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: They're just not doing the active calls that they used to do, at least on the congressional side, that really were helpful for our oversight purposes.
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: So I'm hopeful that those will begin again.
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: We are also engaging with Microsoft to try and get more information about what the nature of the incident, you know, the different patches that have gone out over the past month, and want to understand how they're responding, and ongoing oversight of Microsoft as a major supplier, not like picking out a company, but just as a major supplier to the federal government and to critical infrastructure, understanding what they're doing to make sure their technology is secure.
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: And they have been responsive to us in terms of providing information. I think we're still trying to set up a briefing that we all requested, but they're being responsive. I think more broadly, I think what is interesting about this is the different types of people that are taking advantage of this exploit and the different levels of sophistication of the attacks that we're seeing. So you're seeing some of the attacks that are easier to identify and some of the attacks that seem to be much more complicated to catch on to, and I think that is something that we're going to have to kind of become our new normal of these things might not always be easy to track and you might have some sophisticated actors that might be doing things that are more interesting and require a different level of monitoring.
Nick Leiserson, Senior VP, Policy, Institute for Security & Technology (moderator): Yeah, indeed, I remember those calls well and I'm not sure that some of my DHS colleagues or former DHS colleagues sitting in the front row might not have enjoyed the questions, but I do think they are very important for making sure that Congress is informed and there has been lots of oversight that has driven changes over time to responses. And, Alexandra, you know, one of the things that I think we've seen from the committee for some time is a focus on advanced threats from the PRC. It's been an area of emphasis at the first full committee hearing of the year. I was at a great hearing in like January 17th or something super early, but would love to hear sort of your perspectives on both the threat landscape and what you're learning as you conduct oversight of how agencies have responded and how that's informing your policymaking now.
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: Yeah, absolutely. One thing I do want to clarify on the congressional briefings: I agree, definitely very helpful. I don't think that that's exclusive to this. We haven't gotten them really in a while, so I just want to make that clear, not exclusive to this administration. And looking at the threat landscape itself, yes, we held that hearing just minutes after we constituted as a committee. I think we voted and then everyone came back in and reshuffled for the hearing, just showing how important it was, even to former Chairman Green, to make sure that cyber stayed at the top of the agenda.
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: We have been very focused on actors such as Volt Typhoon and Salt Typhoon year. We had our oversight subcommittee chairman, Chairman Brecheen, Chairman Garbarino and Chairman Green all send a letter over to DHS requesting a lot of documents from looking at the Volt and Salt Typhoon response. We requested a lot of information and so that is something that we are still continuing to receive and we remain in contact with CISA in the interim so that we can make sure that we're performing that oversight work. So that's something that we do hope, ultimately, as we dig through our findings, that we can share a bit more. But I think, the more that we have had hearings and especially as we've been focused on these two reauthorizations, I think those two threat actors come up in almost every single hearing and I think that it underscores the importance of these two authorities to make sure that we can get ahead of those threats. With CISA 2015, it is ensuring that information sharing is happening, ensuring the information sharing is happening, and if that were to lapse, it would make it much harder to be able to stay ahead of these threats, especially when they are sitting in our networks and it might not necessarily be an incident right off the bat. So that's one thing we're keeping in mind.
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: And on the state and local cybersecurity grant program, we know that critical infrastructure is being exploited and that oftentimes, a lot of owners and operators, especially ones that are under-resourced, they just don't have the money to invest in cybersecurity and so being able to, and we've seen that this program, we had a hearing on it, has really been game-changing for a lot of areas that have finally had the money to be able to invest in basic cybersecurity practices. They all just submit cybersecurity plans and they can decide from there what services to invest in accordingly. So I think that's another way that we hope that, if we can continue to bolster resiliency across the country through mechanisms such as state and local cybersecurity grant program. That we can still digging into and I think is something that we want to understand more especially on Salt Typhoon, about the steps that were taken, what the coordination looked like, how CISA worked with other agencies, of course DHS is within our remit, how they worked with victims and where we're at specifically, because I think we still have a lot of unanswered questions.
Nick Leiserson, Senior VP, Policy, Institute for Security & Technology (moderator): Yeah, I think certainly in the public record. If you look at recent reports on Salt Typhoon, some of them still from the FBI, saying, well, we think we have them contained, which is, I don't know, not terribly heartening to me nine-ish months after this has become public. But I hope we're going to go to Q&A. So if you've got a question, raise your hand and I'll call on you in a second. But I hope that you are getting an appreciation. Actually, we already have one, but for the many complex issues that the Hill has to deal with, from the complete, you know, geopolitical, how do we deal with PRC aggression and our critical infrastructure networks, to something that looks really tactical on the CVE program, but something that is just a pillar, a foundational pillar to how we do cybersecurity in this country, and we are lucky to have folks like Moira and Alexandra to help. All right, I thought I saw a hand right here. So there are mic runners and one is coming to you. If you can just identify yourself, that would be great.
Audience: Hi, Eva Hampel, with Dell Technologies. Nice to see you both. Actually, the last sentence you mentioned about CVE, that is my question. Follow up on the CVE. Maybe not dinner table conversation, but some of us are talking about it in April the extension has a limited timeframe, as you mentioned that some of the processes on the Hill, legislation, GAO, are slow, but on the business side there's, I wouldn't call it some level of panic, but definitely a high level concern about it. Also, when you look at, say, like the open source community, there are conversations about how to modernize CVE to make it, you know, fit for future and continuing. So I'm just wondering, have you heard from any of these voices yet? Where do you expect those conversations to go and how do you feel about the 11-month timeframe that we're dealing with?
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: Yeah, so high level. No, we haven't heard from a lot of people, surprisingly. We heard from people during the fire drill. And then people are, as we do with a lot of fire drills in DC, once the fire's out, we're like, oh, we're good for 11 months.
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: So I think people have, and it's also just not a kitchen table issue, right. So it's like a little bit niche and there's so much. I mean, there's a bit of a flood in the zone, right. There's a lot happening in the cyber world and CVE is so important, but we're hearing from people on other things. I invite everyone to come talk to us about CVE. We would love it.
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: But I think what we're trying to, what we plan to do, and I told Alan I was going to tell everybody, so he'll be fine with this, is we have legislation that, like I said, is supposed to be a forcing mechanism to get CISA and NIST to really chart out a path forward. We're going to circulate that once and we'll hope to get everyone's feedback. I think part of, like, in addition to actually generating a path forward, which is like the legislative goal, I think another benefit of this process is it generates the conversation and the buzz that keeps everyone focused on the issue, right, I think, and there's a role to play for a lot of different actors. There's a role to play for our committee, I think, you know.
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: Getting permanent leadership at CISA will be helpful, so we don't have like a, oh, is this, will we, won't we on this contract. I think things like that are going to be really, really important. I think, I don't want to be glib, but in my experience so far, this administration has been responsive to outside stakeholders, particularly industry. If industry makes noise and says they want this to continue, my assumption is that that will be very helpful to making sure it continues and stabilizing it. I don't want to speak for them. I obviously do not speak for them as a Democrat for the House, but my experience has been like squeaky wheel gets the oil, so keep being a squeaky wheel, all right.
Nick Leiserson, Senior VP, Policy, Institute for Security & Technology (moderator): Maggie.
Audience: Maggie Miller with Politico. Great to see all of you guys. Hi. I guess as a follow-up to actually what you just said, Moira, I want to ask Alexandra, you know, your thoughts on if you've seen this draft that's being circulated and thoughts on the majority side on this. And then, secondly, who might succeed Chairman Garbarino on the Cyber Subcommittee?
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: So are you asking about the draft of the legislation?
Moira Bergin, Staff Director (Minority), House Subcommittee on Cybersecurity & Infrastructure Protection: Oh, she hasn't. We have not shared that with anyone yet, like we are still finishing edits. We have gotten why don't I get into the feedback we've gotten but we haven't circulated it broadly and so she will get a draft as soon as we circulate it. We were not going to keep secrets from Alexandra so open, we like to be open. She will get a draft. But you were aware we were doing.
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: I mentioned to you we were doing it, so we're not keeping secrets and I will say broadly we've been tracking this issue too and we want to make sure that it's resolved and stabilized, so we look forward to reading your legislation. I have no guesses for you right now, so we'll see. It's still early in the process. Again, he was just picked on Monday, so it's going through the course of next steps now.
Nick Leiserson, Senior VP, Policy, Institute for Security & Technology (moderator): Great. Other questions?
Audience: Hi, my name is Jayden Beard. I'm from Inside Cybersecurity. This is a question for Alexandra. You mentioned that Chairman Garbarino wants to make some changes to CISA 15. I was wondering if you could expand on if there's anything specific he wants to be changed.
Alexandra Jane Seymour, Staff Director (Majority), House Subcommittee on Cybersecurity & Infrastructure Protection: Yeah, some of that we're still working on, so I do invite anyone from industry who would like to discuss that. We're happy to discuss those changes, but we're not ready to share them just yet.
Nick Leiserson, Senior VP, Policy, Institute for Security & Technology (moderator): Great. Any other questions? All right. Well, we're right on time at 4:30. So I hope you'll join me in thanking our panelists from the Hill for the conversation and for the work they do every day. I'll turn it back over to Megan.
Audience: Let's give them one more big round of applause.