Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo

Congress wants details from White House on cyber strategy, Iran resilience measures

Lawmakers’ aides from both parties say they want to be kept in the loop on implementation.

Published March 25, 2026
Eric Geller's headshot
Senior Reporter
an exterior view of the US Capitol building
The U.S. Capitol is shown at sunrise on Jan. 19, 2025, in Washington, D.C. Lawmakers want the government to share more information about several cybersecurity issues. Joe Raedle via Getty Images

SAN FRANCISCO — Members of Congress and their staffs are eagerly awaiting the Trump administration’s plan for implementing its new cybersecurity strategy and want more regular updates on how the government is helping critical infrastructure organizations guard against new Iran-linked hacking threats.

Staffers from the House Homeland Security Committee and the House Oversight Committee discussed those and other cybersecurity issues during a panel at the RSAC 2026 Conference here on Tuesday.

While the Democratic and Republican staffers sometimes took different approaches to the issues, they agreed on the need for more details about the strategy and about efforts to counter Iran-linked cyberattacks.

Moira Bergin, the Democratic staff director for the House Homeland Security cybersecurity subcommittee, said the strategy was “disappointing” because it didn’t detail agencies’ responsibilities or give lawmakers any policy or funding requests to evaluate. The brief document provided high-level goals for the government’s approach to critical infrastructure, deterrence and other topics, but did not specify policy objectives.

Her Republican counterpart, Roland Hernandez, said the GOP side of the committee anticipated that the White House would build on the strategy “in the form of executive orders.” He also said the administration’s implementation plan was “forthcoming” but declined to elaborate.

“My expectation,” he added, “is that we will have some follow-up activity to help support and drive implementation of the [strategy’s] pillars.”

Seeking more answers on Iran

The U.S. and Israel’s war against Iran has amplified the cybersecurity threat that critical infrastructure organizations face, and with Iran-linked hackers already breaching some infrastructure operators, some lawmakers aren’t sure the U.S. government is prepared.

Democrats on the Homeland Security Committee “are most concerned about whether or not CISA in particular is prepared to be a partner” to infrastructure operators, Bergin said. The agency has lost roughly one-third of its workforce since January 2025, including personnel in key infrastructure liaison roles.

“Even during the first Trump administration, when there were periods of heightened tension with Iran or any state actor, there was a more systematic outreach to Congress about what the administration was doing proactively to protect critical infrastructure and to engage with critical infrastructure owners and operators,” Bergin added. “There has been less of that this administration. I think that is something that our members would be interested in seeing return.”

Hernandez said the committee was planning a classified briefing for Thursday with officials from the Department of Homeland Security and other agencies, possibly including the FBI.

“I agree that it would be good to have regular communication,” he said.

Cybersecurity “is a bipartisan priority,” Bergin stressed. Keeping Iran out of critical systems is “a shared goal, and I think we would like to have more proactive outreach.”

Policy to-do list

With CISA struggling, House Democrats want a better sense of where the agency’s capabilities have been weakened the most.

Democrats are considering legislation that would require CISA to assess and report back on its readiness, similar to the “force structure assessment” that Congress required the military’s U.S. Cyber Command to undertake in late 2020.

“We have a limited understanding of how [CISA cuts] impacted programs and activities across the agency,” Bergin said.

Even during the Biden administration, she said, “there was bipartisan agreement” that CISA was understaffed. Now, she added, “it's hard to understand” how anyone could say it’s adequately staffed.

Democrats also remain concerned that CISA’s Joint Cyber Defense Collaborative (JCDC) has grown too big to be effective. Bergin said the committee has heard complaints that the group’s information sharing channels are no longer trustworthy because of how many participants have access to them. Rep. Eric Swalwell, D-Calif., the top Democrat on the Homeland Security Committee, has been concerned about the JCDC for years, and Bergin said he remains interested in reforming the group.

“We want to restore the trust of that environment,” she said. “Our goal is … to understand who's there, how'd they get there, and what role they're going to play in the organization.”

That could involve prodding JCDC to create small sub-groups composed of companies that have broad and deep visibility into the cyber-threat landscape, which could then exchange information about threat activity in a more trusted way.

Democrats on the committee are also exploring legislative solutions to the crisis engulfing the CVE Program, the initiative that labels and catalogs security vulnerabilities and underpins defensive work worldwide. The nonprofit that runs the program almost lost federal funding last year, prompting worries about its future. The AI-fueled boom in vulnerability reports has also overwhelmed the program.

“We have learned about some real issues that could be opportunities for improvement in the program,” Bergin said. She said eventual legislation could formalize a more direct oversight role for CISA, provide more budget stability and ensure that international partners have a bigger voice in how the globally important program operates. She noted that other organizations have launched their own CVE catalogs and said “that's not good for the network defenders.”

“Our goal is to stabilize the program, improve it, put it on a track to modernize, making sure that the technology that supports the program, the interface, is all workable,” Bergin said. “Understanding that it is foundational to a lot of work that you all do, we want to make sure that it works for you.”

Editors' picks

Company Announcements

View all | Post a press release
Why Edge RF Awareness Is Essential for the M2M Era
From Digital Global Systems
March 16, 2026
Digital Global Systems logo
CyberFOX AutoElevate Named a High Performer in G2’s Spring 2026 Report for Privileged Access M…
From CyberFOX
April 01, 2026
CyberFOX logo
AI Is Fueling Secrets Sprawl. GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secr…
From GitGuardian
March 17, 2026
GitGuardian logo
Realm.Security Rolls Out AI-Ready Security Data for the Modern SOC Ahead of RSA Conference
From Realm.Security
March 16, 2026
Realm.Security logo
Editors' picks
Latest in Strategy
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell