Homeland Security Secretary Kristi Noem told lawmakers on Wednesday that the lack of detail the Cybersecurity and Infrastructure Security Agency could provide about a Chinese espionage unit’s high-profile intrusion into telecommunications firms in the U.S. and abroad underscored her desire to refocus the agency’s mission.
The Chinese Salt Typhoon campaign was first detected last year on federal networks, with the hacks ultimately compromising major telecom providers and political figures tied to President Donald Trump and the campaign of former Vice President Kamala Harris. The unit accessed at least nine U.S. providers and dozens of others around the world, and it also breached several American firms’ “lawful intercept” systems that contain wiretap requests from law enforcement personnel to surveil suspected criminals.
Noem told members of the House Homeland Security Committee that “one of the most alarming things I heard as soon as I was nominated for this position was in a briefing from CISA that told me that they knew with Salt Typhoon that we had been hacked, but they also said they didn’t know how it happened or how to stop it in the future.”
During her confirmation hearing in January, Noem said that CISA had “gotten far off-mission” by focusing on efforts to counter mis- and disinformation. The agency has drawn criticism from Trump and other conservative figures for its previous efforts to counter the spread of false social media posts around COVID-19 and election security, with opponents of the efforts saying they constituted federal censorship of free speech.
Noem reiterated that stance during Wednesday’s hearing, saying that CISA’s main mission is to “hunt bad actors and harden our systems for our small- and medium-sized critical infrastructure,” and that “that’s what we need to focus our resources on.”
The Trump administration has moved to reduce CISA’s workforce and called for eliminating the agency’s disinformation programs as part of its fiscal year 2026 budget proposal. The administration also disbanded the Cyber Safety Review Board — a cybersecurity oversight panel within DHS that investigates major cybersecurity incidents — in January while it was in the process of investigating the Salt Typhoon hacks, leaving the status of its ongoing review in limbo.
In a speech at the RSAC Conference last month, however, Noem said efforts to reshape the agency were focused on emboldening its cyber mission. She told the House panel that these steps include working to enhance CISA’s engagement with the private sector to help make sure “that we actually have answers to some of the threats that we have in front of us.”
She criticized the cyber agency for focusing on issues that she said diluted its mission, saying that “the thing that has alarmed me the most about CISA is the lack of information that they have, the lack of solutions that they have, and how they protect our critical infrastructure.”
House Homeland Security Committee Chairman Mark Green, R-Tenn., voiced support for Noem’s steps to reshape CISA’s mission, saying that it must move away from efforts to counter mis- and disinformation.
“Instead, CISA’s engagement with the private sector must focus on protecting critical infrastructure and our federal civilian networks,” Green said. “This must include streamlining burdensome regulatory requirements and ensuring CISA remains a trusted and reliable partner to the public and private sectors.”
Efforts to cut CISA’s workforce and slash its FY26 budget, however, received some pushback from Rep. Andrew Garbarino, R-N.Y., who leads the committee’s cybersecurity panel.
“I’m concerned that reducing CISA’s staff will not help CISA accomplish the mission of protecting cybersecurity,” Garbarino said. He asked Noem to provide him with further information about the number of laid off agency personnel and their duties.
Garbarino also said that, while he supported cutting the agency’s mis- and disinformation programs, those initiatives only received about $20 million in CISA’s recent budgets. The White House’s proposed budget would slash roughly $491 million from the $3 billion CISA received in FY25.
“The reductions that you see are in the areas where it got off mission, where it was involved in mis-, dis- and malinformation, and also the censorship activities,” Noem said. “That’s where the reflection is.”
Nextgov/FCW Cybersecurity Reporter David DiMolfetta contributed to this report.
