The U.S. House Committee on Homeland Security met for a field hearing at the Hoover Institution Wednesday to confront the United States’ vulnerable cybersecurity position, calling for a transformation in how the public and private sectors defend critical infrastructure amid intensifying cybersecurity threats.
The hearing came in the wake of cybersecurity cuts led by the Department of Government Efficiency (DOGE), as well as heightened concerns about cyber threats from foreign nations amid global trade wars and China’s recent ‘Salt Typhoon’ attacks. Congress is also preparing to reauthorize the Cybersecurity Information Sharing Act, which expires this September.
Representative Mark Green, a Republican from Tennessee and the chair of the Committee on Homeland Security, oversaw the event. Subcommittee chairman and New York Republican Andrew Garbarino and subcommittee ranking member Eric Swalwell, a Democrat from California, joined Green in questioning the witnesses.
The witness panel included former national security advisor H.R. McMaster, chief security intelligence officer of Palo Alto Networks Wendi Whitmore, global director for security and compliance at Google Cloud Jeanette Manfra and Jack Cable ’21, CEO and co-founder of Corridor, a company that helps organizations strengthen their software security.
The hearing aimed to identify cracks in cybersecurity regulation and determine where the public and private sectors must build cooperation and resilience. The witnesses also stressed the importance of building human capital, especially through academics, research and “granting visas to graduates who can help grow our nation’s talent base in science and engineering,” McMaster said. These remarks come amid the Trump administration’s recent moves to revoke visas for Chinese students and halt international student enrollment at Harvard University.
The conversation began with a discussion of the relationship between cyber attackers and defenders, which Green described as lopsided. “The costs and incentives associated with cybersecurity are currently imbalanced in favor of the attacker rather than the defender,” Green said, citing a 2024 IBM report that found the global average cost of a data breach in 2024 was nearly $4.9 million.
Green noted the disparity between hackers and businesses, saying that attackers only need a certain degree of technical knowledge and a laptop to be successful. On the other hand, victims must invest in advanced security systems and deal with heavy costs related to damage.
According to Whitmore, victims of cyber attacks face poor public perception and a loss of credibility. Companies often face a double standard — when a company suffers a cyber attack, it is frequently blamed, scrutinized in the media and faced with immense regulatory demands, she said. To transform cyber defense, Whitmore stressed, society must reconceptualize companies as victims, not villains.
Green also advocated for concerted actions across industry and government to enhance cybersecurity. He noted the importance of dismantling “duplicative and costly compliance burdens” that prevent security principles from being consistently adopted across sectors, and called for “technological solutions for regulatory compliance.”
Much of the hearing focused on public-private partnerships. While the government holds responsibility for national defense, Green argued that “cybersecurity truly is a team sport.” He urged increased information-sharing and the integration of security features into technology from the outset. In light of increasingly sophisticated attacks, particularly from China, Green advocated “[raising] the cost of cyberattacks for our adversaries” and strengthening the U.S.’s offensive cyber capabilities.
For McMaster, offensive capabilities such as tools to strike back against attacks, aid rapid recovery and restore operations after a cybersecurity breach were an important investment. He also emphasized that the U.S. must maintain a competitive advantage in artificial intelligence, quantum computing and other rising technologies to protect critical infrastructure.
Large-scale threats were central to the conversation, with Whitmore reporting that Palo Alto Networks “blocks up to 31 billion cyber attacks daily,” of which “up to 9 million represent novel attack methods never previously seen.” Whitmore urged Congress to champion the use of AI and automation methods to modernize cyber defenses, citing a reduced response to cyber attacks by Palo Alto Networks customers after the company implemented AI security operation centers.
However, Cable warned against reliance on AI coding assistance, believing that it will lead to extreme vulnerability in critical software. Studies have shown “even top AI models write vulnerable code 30% to 40% of the time,” Cable said.
Green argued the government must take a more proactive role in security. “It is unfair for the federal government to expect the private sector to defend itself against nation states,” Green said.
