Ranking Member Henry Cuellar Statement at the Fiscal Year 2025 Budget Request Hearing for the Cybersecurity and Infrastructure Security Agency

Congressman Henry Cuellar (D-TX-28), Ranking Member of the Homeland Security Appropriations Subcommittee, delivered the following remarks at the Subcommittee’s hearing on the fiscal year 2025 budget request for the Cybersecurity and Infrastructure Security Agency:

Thank you, Chairman Amodei.

Good afternoon, Director Easterly. It’s nice to see you again. I appreciated our chat yesterday. Thank you for making the time.

As we know, our adversaries continue to leverage cyber tactics to threaten our national security, our economy, and our way of life. It’s hard to find a day when we aren’t learning of a new attack on a school system, our critical infrastructure, our healthcare data, or a federal agency – which recently included CISA.

These threats are posed by individual bad actors, transnational criminal organizations, and foreign adversaries like state-sponsored groups and nations. And while their capabilities are increasingly more advanced, we also continue to learn of basic cyber-hygiene issues, such as improper password management protocols and challenges with securing outdated systems and equipment.

The FY25 budget proposal for CISA is just over $3 billion, which is about $136M above the FY24 enacted. While it includes several important investments, such as $470 million for the  Continuous Diagnostics and Mitigation (CDM) program and $394 million for the Joint Collaborative Environment (JCE), I am concerned about whether we are doing enough given the resourcing advantage of those wishing to wreak havoc on our cyber systems and critical infrastructure.

Unfortunately, our adversaries aren’t limited by what Congress is willing to fund them, and they aren’t required to play by the same rules as our agencies are. I was disappointed by the cuts we had to make to CISA’s budget in the 2024 bill.

Many people don’t know that CISA’s budget is primarily funded by so-called, “Defense” dollars. For us on this Committee, that means we can’t simply reduce funding elsewhere in our bill to increase funding for CISA. And while I know there was a strong desire to direct as much of the available Defense” funding to the Department of Defense as possible, I fear if we continue to deprioritize CISA’s operations, we will regret the repercussions of our short-sightedness.

Earlier this month, FBI Director Christopher Wray warned us about the clear intentions of the People’s Republic of China. He stated that the PRC made clear that “it considers every sector that makes our society run as fair game in its bid to dominate on the world stage.” He continued that the PRC’s plan is to “land low blows against civilian infrastructure to try to induce panic and break America’s will to resist."

But we all know that the PRC is not our only threat. Our nation’s cyber frontier and critical infrastructure are far too vulnerable to attack; we must do more to out-pace our adversaries.

CISA plays a unique and vital role in partnering with other federal agencies, state and local governments, the private sector, and critical infrastructure owners and operators to protect against emerging and evolving threats.

Today, we will hear from Director Easterly on the challenges and opportunities that lie ahead for CISA, as well as the agency's plan for ensuring the security and operational vitality of our federal networks and our nation’s critical infrastructure — from energy and transportation networks to telecommunications systems and pipelines.

I’m interested in learning more about CISA’s recent Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) and what additional resources CISA will need for its implementation.

I also want to hear about how the State and Local Cybersecurity Grant Program is working and what outcomes we can expect from that funding.

We cannot, however, become too focused on CISA’s important cybersecurity mission that we lose sight of its programs that advance the physical security of critical infrastructure, such as its responsibilities to work with Sector Risk Management Agencies to address threats beyond cybersecurity, and its other programs that assist our communities with bombing prevention, school safety, and other public gathering security priorities.

I was happy to see CISA provide a Physical Security Checklist to help election officials secure their polling locations. I hope to learn more about what Director Easterly is hearing from state and local election officials about election security concerns in their communities – both physical and cyber – especially given the elections this year.

I am eager to hear Director Easterly's testimony today and how Congress can help CISA better accomplish its complex mission.

Thank you again for being here today and I look forward to your testimony and answers to our questions.

Mr. Chairman, I yield back.