Trump’s national cyber director nominee grilled about his resume, proposed spending cuts

National cyber director nominee Sean Cairncross faced questions from senators Thursday morning about how someone with no cyber experience or background could take over a role previously held by cybersecurity experts. 

Cairncross — the chief operating officer for the Republican National Committee and a former senior adviser to President Donald Trump — focused nearly all of his answers on the need for the U.S. to engage in more offensive cyber operations, a refrain echoed by many administration officials since Trump took office in January.

When asked specifically about his lack of experience in cybersecurity, Cairncross acknowledged that he does not have a “technical background in cyber” but said his roles running private sector organizations and managing the federal Millennium Challenge Corporation gave him a “user side” perspective that is valuable to the U.S. government. 

“I've had to deal with foreign nation attacks on our systems. We've worked with the FBI and the intelligence community to learn about them, to stop them and to monitor those attacks. On the user side, I have that experience,” he testified before the Senate Homeland Security and Governmental Affairs Committee.

“On the management side, I have run thousands of people and billions of dollars in funds, and in doing those jobs, I surround myself with smart people, make sure that the right people are in the right place to do the jobs and take their advice.”

Several public and private sector cybersecurity leaders have come out in support of Cairncross’ nomination, including the first national cyber director, Chris Inglis. 

The Office of the National Cyber Director is a White House agency that coordinates policy and advises the president. The director role was previously held by Harry Coker, a former executive director of the National Security Agency with decades of experience in the US Navy and CIA.

Cairncross expressed support for two bipartisan cyber bills — the Cybersecurity Information Sharing Extension Act and the Rural Hospital Cybersecurity Enhancement Act — while pledging to consider backing the reauthorization of a popular state and local cybersecurity grant program administered by the Cybersecurity and Infrastructure Security Agency (CISA).

He said if he is confirmed, he wants to get on the ground and hear what state-level officials need before making policy determinations.  

‘You’re going to be left holding the bag’

Cairncross faced his toughest questioning from Sens. Elissa Slotkin (D-MI) and Andy Kim (D-NJ), both of whom asked him to defend the Trump administration’s proposed $451 million cut for CISA’s fiscal 2026 budget. About 1,000 positions are slated to be eliminated from the agency.

Cairncross said his goal was to defend the U.S. in the “the most efficient, effective way” as cyberattacks increase and become more sophisticated.

Slotkin slammed the answer, warning Cairncross that he would be overseeing the “single biggest cut to cybersecurity dollars” that help states like hers defend critical infrastructure.

“It’s my power companies who have come to me and said ‘we used to get quarterly updates from CISA and get a sense of the threat picture across the country.’ Now we don't have that and feel vulnerable,” she said, eventually comparing the situation to the time before the 9/11 terrorist attack. 

“I am deeply worried that we're going to have a spectacular cyberattack, and you're going to be left holding the bag. You can't say you care about an increasing and more sophisticated set of attacks while cutting the very people who help defend against those attacks. How can you justify a nearly $500 million cut on cybersecurity, given what you yourself just said?”

While backing Cairncross’ support for more offensive cyber operations against adversaries, Slotkin spoke at length about the chaos around the Trump administration’s cybersecurity efforts, noting that the White House pulled Sean Plankey, the nominee for director of CISA, from the hearing agenda late Wednesday night and has attacked former administration officials.

“The petty desires of the president are going to leave us more vulnerable, and you're going to be the guy. If we have our cyber 9/11, you're going to be the guy who is sitting there saying, ‘Holy crap, we just cut all this money and I just had all the power go out on the Eastern seaboard, or the Chinese stole a whole bunch of our personal data from every hospital and every school,’” she said. 

Concern over the Typhoons

Several Republican senators pressed Cairncross about the way forward when it comes to China’s Salt Typhoon and Volt Typhoon hacking campaigns, which targeted critical infrastructure and telecommunications companies over the last three years. 

Cairncross said Salt Typhoon was evidence that “China is, without question, the single biggest threat in this domain that we face.”

“China is squatting on our critical infrastructure systems, and they have an ability to exercise that at a time and place of their choosing, and that should be unacceptable, and it is unacceptable,” he said. “I look forward to working to do everything I can to make sure that our adversaries, our enemies and criminals who operate in this space know that it is not a cost-free endeavor.”

When asked about the campaigns by Sen. Josh Hawley (R-MO), Cairncross said he wanted to foster a better relationship between the private sector and the U.S. government in an effort to figure out “what the barriers are to a smooth and efficient and effective defense.” He referenced potential changes to “regulatory schemes” and said he wanted to “incentivize information flow.”

“It's using the comparative advantage of the United States government, which can illuminate the battlefield for the private sector, and leveraging those assets,” he said. 

Near the end of the hearing, Hawley warned that the American people were not fully aware of how widespread the Salt Typhoon hacks were and how deep Chinese access extended. 

He said members of Congress were told last year that they should expect their telephone conversations and unencrypted text messages are being monitored constantly by foreign actors. While members of Congress are being targeted, China’s access extended to anyone in the U.S. who foreign actors wanted to concentrate on. 

“What we were told is that foreign actors basically have unlimited access to our voice messages, to our telephone calls,” he said. “They're sitting in our telecom system, in our exchanges.”

Cairncross said the best solution is to “impose strategic dilemmas on our adversaries.”