When Congressional Oversight Looks the Other Way: CISA Dodges Accountability
A cybersecurity agency that violated Americans' constitutional rights got a budget hearing instead of a reckoning
The May 2025 oversight hearing of the Cybersecurity and Infrastructure Security Agency had all the hallmarks of serious congressional scrutiny—witness testimony, pointed questions, and stern budget warnings. But the most important questions never got asked. In fact, the hearing lasted less than an hour.
Acting Director Bridget Bean came prepared with impressive operational statistics that demonstrated CISA's active role in defending American infrastructure. Since January 2025, her agency had blocked over 700 million malicious connections targeting federal networks and an additional 60 million threatening critical infrastructure. CISA expanded its endpoint detection capabilities to over 415,000 federal endpoints, added 73 new vulnerabilities to its tracking catalog, and delivered 269 terrorism and criminal threat mitigation training courses to over 5,100 participants across all 10 regions.
Bean highlighted CISA's response to major Chinese hacking campaigns like Salt Typhoon, which compromised telecommunications networks to steal call records and intercept government officials' private communications, and Volt Typhoon, where Chinese actors embedded themselves in critical infrastructure systems, waiting to strike during potential military conflicts. Through its CyberSentry program, CISA established operational partnerships with 44 critical asset owners across seven infrastructure sectors, providing real-time threat detection capabilities.
The accomplishments were real and noteworthy, but Bean could have been grilled about entirely different activities—CISA's partnerships with Big Tech to flag "misinformation," its coordination with universities to monitor citizens' online speech, or its role in the sprawling censorship apparatus exposed by The Twitter Files. Instead, lawmakers focused on the operational successes while avoiding the constitutional controversies entirely.
The avoidance was deliberate. Chairman Mark Amodei announced upfront he would keep things "crisp and efficient"—code for avoiding the messy accountability work that real oversight requires. When he finally acknowledged CISA's constitutional violations at hearing's end, it was only to dismiss them: "I get that in the past they were doing stuff they shouldn't have been doing. I'm not concerned with any of that right now."
The hearing's budget focus proved consequential, revealing how dramatically congressional sentiment had shifted. The House had previously passed a 2025 appropriations bill allocating $2.93 billion for CISA—about $100 million more than the agency's current budget. But facing Trump's proposed $495 million cut for 2026, lawmakers ultimately approved a $135 million reduction from those higher 2025 levels.
While Amodei avoided detailed justification during the hearing itself, he would later provide a comprehensive rationale when the House committee actually voted on the budget, citing CISA's mission creep and the need to end "the days of censorship through mis-, dis- and mal-information efforts."
This represents a troubling precedent: agencies that trample constitutional rights get budget negotiations instead of accountability sessions. While Congress obsessed over spending cuts, the fundamental question of whether CISA deserves any taxpayer funding at all went unasked.
Without real consequences for past overreach, CISA's next constitutional violation isn't a question of if—it's when.
Sidestepping Past Misconduct
The hearing's avoidance of accountability went far beyond time constraints. Bean faced lawmakers who could have demanded detailed explanations about CISA's most controversial activities, yet not a single question addressed the agency's constitutional overreach.
The Questions That Were Never Asked
Bean could have been pressed about CISA's role as a central hub in what critics called the "censorship industrial complex." Lawmakers could have demanded specifics about the agency's partnerships with the Stanford Internet Observatory, the University of Washington's Center for an Informed Public, and other academic institutions that helped monitor and flag American citizens' social media posts. They could have asked about CISA's coordination with the Global Engagement Center and other government entities to pressure social media platforms into content moderation.
The Twitter Files, Matt Taibbi’s investigations released in December 2022, provided a roadmap of potential questions. Internal communications showed how CISA worked through intermediary organizations to circumvent First Amendment restrictions, using academic and non-profit partners as cutouts to influence Big Tech content policies. Bean could have been asked about her knowledge of these partnerships, her role in continuing or dismantling them, and what safeguards CISA had implemented to prevent future constitutional violations.
Republicans could have explored how CISA justified expanding from cybersecurity into content moderation. Democrats could have questioned whether the agency had proper legal authority for its election security activities that included monitoring Americans' speech. Neither party chose to dig into these fundamental questions about mission creep and constitutional boundaries.
Strategic Positioning for Avoidance
Bean found herself in the perfect position to avoid accountability. She joined CISA in 2022 as Chief Integration Officer, arriving just as the agency was deep into its "misinformation" monitoring partnerships while claiming it wasn't engaged in censorship. Her integration role may not have directly overseen content moderation activities, but she was present as the controversies built and the Twitter Files revelations emerged.
This timing meant Bean could plausibly claim limited knowledge of specific programs while avoiding responsibility for their creation. Yet lawmakers never tested this defense or pressed her on what she knew about the agency's most controversial period.
The Price of Looking Away
When bad actors within government agencies face no real consequences for constitutional overreach, they learn the lesson that violations can be weathered with time. CISA's leadership got the message that constitutional violations become "ancient history" if you simply wait for new political priorities to emerge.
It was only at the hearing's conclusion that Chairman Amodei acknowledged past misconduct—but only to dismiss it: "I get that in the past they were doing stuff they shouldn't have been doing. I'm not concerned with any of that right now." No accountability, no lessons learned, no institutional safeguards discussed.
This pattern extends beyond CISA. When Congress treats constitutional violations as budget line items rather than fundamental breaches of public trust, it signals to every federal agency that overreach carries minimal long-term consequences. The message becomes clear: violate citizens' rights, weather the immediate storm, then return to business as usual with new leadership and fresh talking points.
Ever-Evolving Threat Landscape
While lawmakers avoided examining CISA's past constitutional violations, they did engage with the legitimate threats the agency faces today. CISA operates in a threat landscape that's constantly shifting, where yesterday's defensive strategies quickly become obsolete and new vulnerabilities emerge faster than they can be patched.
When the Lights Go Out
The recent power outages in Spain and Portugal served as a stark reminder that critical infrastructure failures don't always have a cyber component, but they're just as dangerous. Acting Director Bean explained how CISA immediately reached out to international partners when the outages occurred, demonstrating the agency's role as a global hub for infrastructure security cooperation. While this particular incident wasn't cyber-related, it highlighted how quickly modern societies can be crippled when essential systems fail.
This kind of international coordination has become essential as threats cross borders effortlessly. CISA maintains partnerships with hundreds of international Computer Emergency Response Teams (CERTs), with staff members getting up at 4 AM for coordination calls. The Spain incident demonstrated how these relationships facilitate rapid information sharing, which could mean the difference between containing a crisis and allowing it to spread.
Energy Infrastructure in the Crosshairs
The Colonial Pipeline remains a haunting example of how cyberattacks can shut down critical energy systems. Rep. Gonzales pressed Bean on what CISA is doing to protect oil and gas infrastructure, leading to a sobering discussion about current vulnerabilities. Bean explained that nation-state actors aren't using sophisticated new techniques. Instead, they're exploiting known vulnerabilities and misconfigurations that companies haven't fixed.
The most concerning part? These attackers are "living off the land," using legitimate tools and techniques that don't leave obvious footprints. They infiltrate systems and remain undetected for months or years, mapping out critical infrastructure and positioning themselves for future attacks. Bean emphasized that adversaries are "searching the internet looking for misconfigurations, and they're getting in and they're going undetected."
The Ransomware Evolution
Ransomware has evolved from a criminal nuisance to a national security threat. CISA conducted more than 4,000 notifications in just the first quarter of 2025, warning entities about early-stage ransomware activity before attacks could be deployed. This proactive approach has saved billions of dollars and prevented critical services from being disrupted.
But the threat keeps evolving. Attackers are becoming more patient, more strategic, and more focused on high-value targets like hospitals, schools, and government agencies. Bean noted that ransomware groups are now conducting reconnaissance for months before striking, studying their targets to maximize damage and extortion potential.
The Vulnerability Race
Perhaps most telling was Bean's discussion of CISA's Known Exploited Vulnerabilities catalog, which has grown to over 1,300 entries. The private sector is now patching vulnerabilities identified by CISA an average of 15 months earlier than they would have otherwise. For state and local governments using CISA's vulnerability scanning services, exploitable vulnerabilities dropped by 31%.
But this is fundamentally a losing game unless the approach changes. As Bean put it, "patch Tuesdays just don't work anymore." The burden can't keep falling on individual users and small businesses to stay ahead of sophisticated adversaries. The real solution lies in "secure by design" technology that doesn't ship with known vulnerabilities in the first place. This evolving threat landscape explains why CISA's mission has expanded beyond traditional cybersecurity to encompass physical infrastructure, emergency communications, and international cooperation. The threats don't respect organizational boundaries, so neither can the defenses.
Finding Common Ground
These genuine cybersecurity challenges help explain why, despite CISA's past, lawmakers found surprising areas of agreement during the hearing.
Money Problems Take Center Stage
The most significant tension in the room centered around budget cuts. CISA faces a brutal budget reality with the approved cuts plus a $139 million reprogramming request that nobody seems to understand. This money crunch hung over every conversation, from keeping skilled workers to maintaining basic operations.
Chairman Amodei had no patience for vague bureaucratic answers. He demanded details: "We would like to know. So before the markup, in a timely manner, before the markup, it's like, so how's this affect things?" His frustration was obvious—Congress is wary of being told everything will be fine while hundreds of millions are slashed from the budget.
While disagreeing on the wisdom of proposed cuts, both parties demanded transparency about how budget changes would affect CISA's mission, reflecting shared congressional frustration with bureaucratic assurances and a bipartisan commitment to oversight responsibilities.
China: The Threat Everyone Agrees On
If there's one thing that united Republicans and Democrats, it was fear of China. However, this is no longer your typical espionage story. Chinese hackers have evolved from stealing trade secrets to something far more dangerous—positioning to cripple American infrastructure.
Rep. Hinson highlighted the Salt Typhoon campaigns, where Chinese operatives successfully penetrated major U.S. telecommunications networks. These weren't quick hit-and-run attacks. They accessed wiretap systems used by law enforcement and compromised sensitive government communications. Acting Director Bean painted an even scarier picture: Chinese hackers are already inside critical systems, waiting patiently to strike when it serves their interests, potentially during a future Taiwan crisis.
The discussion also touched on TikTok as a separate national security concern. While the app is banned from federal networks, millions of Americans still use it daily, potentially feeding data directly to Beijing. The Subcommittee members declared that TikTok represents the broader challenge of Chinese influence operations. This assessment provided a foundation for discussions about resource allocation and defensive priorities that transcended party lines.
The One Thing That Actually Works
In a rare moment of bipartisan harmony, everyone praised CISA's public-private partnerships. One example is the Joint Cyber Defense Collaborative, which gets companies that normally compete against each other to share threat intelligence for national security. As Bean put it, business competitors become "collaborators in the CISA world" because they trust the information will protect America, not help rivals.
This collaborative approach extends beyond just big companies. CISA's regional security advisors work directly with local businesses, governments, and educational institutions nationwide, fostering the kind of on-the-ground relationships that make cybersecurity effective. Both parties showed strong support for this hands-on approach, whether it's helping small businesses with basic cyber hygiene or partnering with universities to develop the next generation of cyber defenders.
These partnerships represent one of the government programs that both parties actually want to expand, seeing them as a practical way to strengthen America's overall cyber defenses without heavy-handed regulation.
Supporting Small Business
Both parties showed genuine concern for helping small businesses defend against sophisticated cyber threats. The discussion revealed bipartisan understanding that small companies often lack resources for robust cybersecurity but remain critical links in national security supply chains.
Support for CISA's cyber hygiene programs, vulnerability scanning services, and practical tools demonstrated shared recognition that protecting Main Street America serves broader national security interests. This agreement extended to the practical reality that small businesses shouldn't bear the burden of complex security requirements—instead, technology should be "secure by design."
Where Parties Diverged
But these moments of unity only highlighted how sharply the parties split on more fundamental questions about CISA's future, government efficiency, accountability, and priorities.
Republican Focus: Efficiency Without Sacrifice
While supportive of the agency's core mission, Republicans approached the hearing with a clear message: CISA needs to do more with less. Their questioning focused on streamlining operations and eliminating waste while maintaining critical capabilities.
Chairman Amodei captured the Republican philosophy perfectly: "More money is not automatically the answer." He demanded specifics about how cuts approaching three-quarters of a billion dollars would impact mission capability, but made clear he wasn't looking to simply restore funding without justification.
Rep. Ciscomani underscored this approach, asking Bean, "How [do] you anticipate the budget request changing... the availability of these resources" for state and local governments. Rather than opposing CISA's work, Republicans wanted to understand how budget constraints would affect actual operations.
Republicans also pushed for expanding partnerships that deliver tangible benefits to their constituents. Rep. Gonzales made the political calculation explicit, noting that university partnerships in members' districts would be "a sweet spot" during budget negotiations because "It's going to be very hard for us to say we want less of that, and it's going to be very easy for us to say more of that."
Democratic Resistance: Cuts as National Security Threats
Democrats framed the budget debate in existential terms, arguing that proposed cuts would fundamentally compromise America's cybersecurity defenses. Rep. Underwood didn't mince words, calling the reductions "not cutting fat" but "a death blow" to the agency.
Her critique went beyond money to motivation, alleging that cuts targeted a "congressionally mandated mission that the President is offended by, like securing America's elections from foreign adversaries like Russia." This represented a core Democratic argument: that efficiency efforts were merely political retaliation disguised as fiscal responsibility.
Democrats also focused heavily on DOGE-related security concerns, turning the efficiency narrative on its head. Rep. Escobar highlighted "unlawful ways that DOGE has been engaging with sensitive data," while Rep. Underwood provided detailed accounts of DOGE teams allegedly removing sensitive information from the National Labor Relations Board (NLRB) while "turning off monitoring tools" and deleting access records.
The most provocative claim? Rep. Underwood alleged that right after DOGE gained access to NLRB systems, the agency detected “suspicious login attempts from an IP address in Russia.” While she presented no evidence of a direct connection, Democrats used this timing to argue that efficiency efforts were creating new vulnerabilities rather than solving problems.
The Accountability Gap
Perhaps the sharpest divide emerged around accountability, but not where I expected. Democrats focused their accountability demands on current DOGE activities and budget cuts, demanding oversight of data handling and workforce reductions. Republicans, meanwhile, demanded accountability for current operations and spending while avoiding past CISA misconduct.
This created an interesting dynamic in which both parties sought accountability, but for entirely different reasons. Democrats sought to protect CISA from what they perceived as political persecution, while Republicans aimed to ensure that taxpayer money was being spent effectively on legitimate cybersecurity missions.
The hearing ended with this fundamental tension unresolved: Republicans believing CISA could maintain its mission with fewer resources if properly focused, and Democrats convinced that any significant cuts would leave America vulnerable to cyber attacks. Neither side seemed particularly interested in finding middle ground, suggesting that CISA's budget battles are far from over.
Chairman Amodei's warning was perhaps the strongest directive to emerge from the hearing: if CISA didn't provide clear answers about budget impacts, Congress might "do your budget for you"—essentially threatening that lawmakers would make cuts themselves if the agency couldn't justify its spending.
For an oversight proceeding, there was remarkably little discussion of how CISA fits into the broader federal cybersecurity ecosystem. The focus was much more on budget, threats, and operations than on interagency coordination. This gap was particularly notable given ongoing questions about how CISA coordinates with the NSA, FBI, and its parent agency DHS. With cybersecurity responsibilities scattered across multiple agencies, understanding these relationships should be central to effective oversight.
If CISA cannot clearly articulate how it will adapt to new fiscal realities while maintaining effective cyber defenses, Chairman Amodei's warning may prove prophetic. Congressional budget writers might indeed step in to make those decisions themselves. For an agency whose mission is protecting America's digital infrastructure, that would represent a failure of strategic planning that could have consequences far beyond budget spreadsheets.
It’s never too late to ask for accountability. So, call the White House, your representative, your senator. Tell them what you want.