Congress Wants Details From White House on Cyber Strategy, Iran Resilience Measures

What happened

Congress wants details from the White House on cyber strategy and Iran resilience measures as lawmakers seek more information on how the administration plans to implement its new cybersecurity strategy. Staffers from the House Homeland Security Committee and the House Oversight Committee discussed the issue during a panel at the RSAC 2026 Conference in San Francisco on Tuesday. Democratic staff director Moira Bergin said the strategy was disappointing because it did not specify agencies’ responsibilities or include policy or funding requests for lawmakers to assess. Republican staffer Roland Hernandez said the administration’s implementation plan is forthcoming and could be followed by executive orders. Lawmakers from both parties also said they want more regular updates on how the government is helping critical infrastructure organizations respond to Iran-linked cyber threats. 

Who is affected

The direct exposure is potential and centers on critical infrastructure organizations that may rely on federal support, coordination, and outreach related to Iran-linked cyber threats. The issue also directly affects congressional oversight of the administration’s cybersecurity strategy, implementation planning, and agency readiness. 

Why CISOs should care

This matters because lawmakers are openly questioning whether the government has provided enough implementation detail, enough outreach, and enough clarity on readiness as Iran-linked cyber threats continue to draw attention. It also puts focus on CISA’s staffing losses, oversight of the JCDC, and the stability of the CVE Program. 

3 practical actions

1. Track federal implementation closely: Monitor how the White House translates the strategy into implementation steps, especially if executive orders or agency-level actions follow. 
2. Reassess dependence on federal coordination: Review how much your organization relies on CISA outreach, infrastructure liaison support, or collaborative information sharing as lawmakers question agency readiness. 
3. Watch policy changes around cyber foundations: Follow potential congressional action involving the JCDC and the CVE Program, since both were identified as areas under active review.

For more coverage of policy, strategy, and industry-wide developments, explore our reporting under the Cybersecurity tag.