House lawmakers are investigating the Department of Homeland Security’s response to China-linked cyber intrusions into U.S. critical infrastructure, while also looking into DHS’s plans to reconstitute a review board that was investigating one of those cyber campaigns.
In a March 17 letter to Homeland Security Secretary Kristi Noem, Homeland Security Committee Chairman Mark Green (R-N.C.) asks for more information on the DHS response to the cyber campaigns known as “Volt Typhoon” and “Salt Typhoon.”
The letter was also signed by House Homeland Security cybersecurity subcommittee Chairman Andrew Garbarino (R-N.Y.) and oversight, investigations and accountability subcommittee Chairman Josh Brecheen (R-Okla.).
“Despite officials raising the alarm about Volt and Salt Typhoon, we still know very little about them — except that Volt Typhoon, in particular, continues to compromise our critical infrastructure,” the lawmakers wrote.
The lawmakers argued the Biden administration had a “lack of transparency” on the cyber campaigns that was “unacceptable and disconcerting.” They are asking Noem for all DHS documentation and communications regarding the campaigns, as well as data on when and how DHS first learned about the cyber intrusions.
They specifically want to know more about the Cybersecurity and Infrastructure Security Agency’s response to the hacking campaigns. The letter comes as the Trump administration targets CISA for downsizes. DHS laid off several hundred probationary employees at CISA, although they have since been reinstated under court orders (more on this below).
“CISA must be prepared and equipped to rapidly respond in times of crisis, as well as accountable to its stakeholders across the public and private sectors,” the letter states. “The committee seeks to examine CISA’s response to Volt and Salt Typhoon to ensure CISA is focused on, and empowered to perform, its core mission effectively.”
Calls for CSRB review
The Cyber Safety Review Board, a CISA advisory committee comprised of government and private sector experts, had been investigating the Salt Typhoon hacks at the tail end of the Biden administration.
But Noem disbanded all DHS federal advisory committees, including the CSRB, effectively curtailing its review of Salt Typhoon.
Garbarino, in a separate letter sent to Noem late last week, called for a review of the CSRB’s process before it is reconstituted.
He wrote that the board’s previous structure “inhibited the board’s full ability to fulfill its mandate.” He pointed to a “lack of transparency” regarding the appointment process for the CSRB.
“Industry members regularly interact with CISA, given the agency’s role as a ‘trusted partner’ to the public and private sectors,” Garbarino wrote. “As such, they may curry favor with the CISA Director for an appointment, potentially putting themselves in a position to directly investigate their competitors.”
Both Republicans and Democrats have raised concerns about transparency and conflicts of interest at the CSRB.
The Biden administration set up the board to investigate major national cyber incidents and share lessons learned. While it’s loosely modeled after the National Transportation Safety Board, its members include both high-level government officials and executives from industry.
The board’s membership process came under scrutiny last year when Microsoft executives complained about the presence of competitors on the board. DHS officials said representatives from competing companies recused themselves from a highly critical CSRB review of Microsoft’s security practices.
“Since the selection and recusal process of industry members for the board is not transparent to Congress or the American people, there is currently no accountability mechanism to prevent conflicts of interest,” Gabarino wrote in his letter. “This may deter entities involved in each incident from cooperating with the CSRB, as they may become increasingly reluctant to voluntarily share information with a Board that includes competitor organizations.”
Garbarino also said CSRB should establish a clear criteria for when and how a cyber incident is selected for review.
He requested that DHS complete its review of the CSRB and provide him with the results by June 13.
CISA reinstating fired probationary staff
Meanwhile, CISA is reinstating fired probationary employees following a federal court order. In a message posted to its website, CISA says that employees who are covered by the order will be reinstated and placed on paid administrative leave.
“CISA is making every effort to individually contact all impacted individuals,” CISA’s website states.
DHS fired more than 400 probationary employees last month, including more than 130 cuts at CISA. Many of those fired at CISA were under the Cyber Talent Management System, a new personnel system for cyber experts that features a longer probationary period than other federal positions.
If you would like to contact Justin Doubleday about recent changes in the federal government, please email [email protected] or reach out on Signal at J_Doubleday. 35
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
