Why Is U.S. Cyber Defense Stuck in Legislative Gridlock?
More than five years after the SolarWinds breach compromised at least nine federal agencies, Congress still has not passed a comprehensive cyber defense reform bill. The reason is not a shortage of threat intelligence. It is a surplus of political posturing, and the American people are paying the price.
The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the National Security Agency all warned in the spring of 2026 that ransomware attacks against hospitals, school districts, and municipal water systems were running well above 2024 levels. A senior official, speaking on condition of anonymity, told reporters that foreign actors had stepped up scanning of U.S. power grid infrastructure by a measurable margin since January. Yet the House and Senate have spent more time arguing about which committee gets credit than about how to protect the grid.
The central legislative fight is over reauthorization of Section 702 of the Foreign Intelligence Surveillance Act, which Congress last renewed in April 2024 for two years, setting up another expiration deadline in April 2026. The provision allows the intelligence community to compel U.S. communications providers to turn over the communications of non-U.S. persons reasonably believed to be located overseas, without an individualized warrant; communications of Americans in contact with those targets are swept in incidentally. Privacy advocates on the left and right want a warrant requirement before analysts can search that collected data for American identities. Intelligence officials say such a requirement would blind analysts during fast-moving cyber intrusions.
Both sides have legitimate concerns. Neither side has a monopoly on patriotism. But the country cannot afford another temporary patch job passed at the last minute because lawmakers waited for a crisis to force their hand.
The problem is compounded by jurisdictional turf battles. Homeland Security, the Justice Department, the Defense Department, and the intelligence agencies each operate under different legal authorities and different congressional committees. A former Senate Intelligence Committee staffer said the result is a patchwork of authorities that no single official can coordinate in real time during a major breach.
What Do Intelligence Officials Say About the Threat?
Two officials familiar with the matter said the Office of the Director of National Intelligence is tracking at least six foreign intelligence services with demonstrated cyber capabilities against U.S. critical infrastructure. The People's Republic of China, Russia, Iran, and North Korea top the list, with China described in classified reporting as the most persistent strategic threat to American networks.
The 2025 Annual Threat Assessment of the Intelligence Community, published by the Office of the Director of National Intelligence, stated that Beijing is positioning itself to disrupt U.S. transportation systems, energy pipelines, and water treatment facilities in the event of a conflict over Taiwan. That is not speculation. It is the consensus judgment of the entire U.S. intelligence community.
A former Senate Intelligence Committee staffer said lawmakers have received closed-door briefings showing that Chinese military hackers have already penetrated networks that control elements of the electric grid in the continental United States. The staffer said the compromised entities included at least one regional utility operator with customers in multiple states. Officials have not named the company publicly because of ongoing remediation and classification constraints.
The same officials said Russia remains focused on influence operations and destructive attacks against Ukraine-related targets, while Iran and North Korea concentrate on ransomware and cryptocurrency theft to fund their regimes. The threat is not monolithic. It is diverse, persistent, and growing.
A Justice Department official with knowledge of the case said federal prosecutors are preparing charges against multiple individuals linked to a ransomware syndicate that targeted health care providers in the Midwest during the spring. The official said the syndicate operated from a Russian-speaking region and laundered payments through cryptocurrency wallets traced to exchanges outside U.S. jurisdiction. No arrest is imminent.
What Would Real Reform Look Like?
Real reform would start with a clean, multi-year reauthorization of Section 702 that includes strict limits on queries for U.S. person data, mandatory reporting of those queries to Congress, and criminal penalties for unauthorized access. It would also require CISA to publish an unclassified national cyber threat estimate every six months so that state and local officials can prepare without waiting for a classified briefing.
Congress should also pass legislation giving CISA and the FBI expedited authority to take down botnets, seize malicious domains, and share threat indicators with the private sector without drowning companies in liability paperwork. Two officials familiar with the matter said the current process for issuing emergency cyber directives can take days, while an adversary can move from initial access to domain-wide encryption in hours.
And the federal government must finally impose real consequences on contractors whose software reaches federal agencies carrying backdoors or other serious flaws. The SolarWinds breach occurred because a nation-state actor compromised the company's build environment and used its legitimate, signed update channel to deliver a backdoor to customers, but the broader lesson is that the federal procurement process rewards low cost over security design. A former Senate Intelligence Committee staffer said multiple bills now pending would require software vendors selling to the federal government to meet baseline security standards and report breaches within 72 hours.
The partisan temptation will be to blame the last administration or the next one. That is a luxury Washington can no longer afford. The networks are under attack today. The intelligence is clear. The only question is whether Congress will act before the lights go out.
