During a House Homeland Security Committee hearing prior to the congressional recess, Rep. Seth Magaziner (D-RI) spoke about proposed cuts to the Cybersecurity and Infrastructure Security Agency.
Category
🗞
NewsTranscript
00:00I now recognize the gentleman from Rhode Island, Mr. Magaziner, for five minutes of questions.
00:05Thank you, Chairman. The Cybersecurity and Infrastructure Security Agency, CISA, leads our nation in securing businesses, critical infrastructure, and the government from cybercriminals, hackers, and adversarial countries.
00:19When U.S. businesses are attacked, CISA provides vital response and recovery. When there's an emerging cyber threat or a breach, CISA warns private industry about the threat and also provides training and education to the private sector, critical infrastructure operators, educational partners, and the general public.
00:37The absolutely vital work done at CISA makes our country safer from the growing threats on cyberspace, in cyberspace.
00:47And I am glad that there is bipartisan interest in reauthorizing the Cyber Information Sharing Act of 2015 so that this work can continue.
00:57In part, though, the continued success of CISA and the hopefully growing success of CISA depends not just on this legislation being reauthorized, but in making sure that CISA is adequately resourced.
01:16And we need to ensure that the Trump and Musk administration doesn't cut CISA to the extent that they have announced they intend to do so.
01:26We should be investing in this space, not cutting back, because our adversaries are not cutting back.
01:31And if we're going to believe that the administration takes cyber security seriously, then we're going to need to see from them a reversal in their plan to cut nearly half a billion dollars from CISA's budget, which is what was proposed in the administration's fiscal 26 budget.
01:49If the administration took cyber security seriously, they would be investing in CISA, not cutting it.
01:54So we need to talk about that, and then we need to talk about the alternative.
02:00How do we build CISA up to continue to be successful going forward in the context of an ever more complex and hostile threat environment targeting the United States?
02:14So I'll start with Ms. Kuhn. Did I pronounce that correctly?
02:18Kuhn?
02:19Kuhn.
02:20Kuhn.
02:21So in April, it was reported that the administration, the Trump administration,
02:24plans to cut over 1,000 jobs at CISA, which is expected to impact a myriad of programs across the agency.
02:35Can you discuss what the impact of those kinds of workforce cuts would be and whether they are a good idea or not?
02:47If we talk about the threats that we're facing right now, you were asking about adversaries earlier,
02:53and one of the critical roles that CISA is playing right now is that we really have, with the advent of AI and specifically generative and agentic AI, three types of threats right now.
03:02We have malicious, which we all understand, nation-state adversaries and criminals.
03:07We also have malfunction and mistake.
03:10So if we think about what happened this summer with CrowdStrike from a software incident perspective, and then also with AI, when all of a sudden an LM decides to go poorly.
03:18So CISA is playing a critical role.
03:20One, you know, the public partnership groups that I discussed before, like JCDC and the Advisory Council,
03:25of helping share information between the companies that are on the front line from the private sector developing technologies and the government when things happen from a threat perspective.
03:34The other thing that's really critical is, you know, we talk a lot about the private sector, but the reality is that a huge amount of our critical national infrastructure sits within medium and small businesses.
03:46And they rely on CISA for things like the small company guidances that came out in the last few years with cyber.
03:52Yeah, I think that's such an important point.
03:54I mean, one of the things that I think the general member of the public doesn't fully appreciate unless they're deep in this stuff is that, you know, when our adversaries, particularly the state actors, you know, China, Iran, North Korea, others, are trying to hack into U.S. systems,
04:10it's not just the big government agencies like the Pentagon or the big companies like Northern Trust, but small and medium-sized businesses.
04:17And also all of these local utilities and local governments all across the country.
04:24And, you know, we hear about these cases in classified settings, but there are also plenty of cases that have been publicly reported of local water systems, local airports, et cetera.
04:34So, again, just getting back to the issue of resources and workforce, CISA has, I mean, thousands and thousands of customers that it needs to interface with, small businesses, small localities.
04:46So, again, how important is it that we maintain a strong workforce at CISA in that light?
04:52So, I'll give an example.
04:53And, you know, you talk about the small businesses and the importance of CISA.
04:57Not long ago, I was on a plane chatting with the woman next to me.
05:00She was on her way to Florida because she was meeting her husband and her grandkids.
05:04And her husband was retiring from his job.
05:06What do you do?
05:07Well, he was a concrete distributor in Dallas.
05:09And she explained to me that they were selling the company.
05:12The company was going out of business, basically, because she literally went.
05:16There was one of those ransomware attack things.
05:19He borrowed my phone and did something for business on my phone.
05:23And we had a ransomware thing.
05:25And something, there was a gang in Turkey, and this is her explaining this to me, who charged us $6 million.
05:31And it was just too hard to clean up.
05:34We don't have the ability of understanding the cybersecurity.
05:37And so, we just gave up, and we're closing the business, and he's going to retire.
05:41That's the issue we're facing here, is that, you know, while we can represent large organizations
05:47that can spend, you know, millions and millions and millions on cybersecurity,
05:51there are exponentially more organizations out there, critical national infrastructure,
05:56small banks, grocery stores, you name it, that don't have the ability and need organizations
06:02like the program CISA provides in order to ensure that we have mature cybersecurity.