CESER chief touts AI projects as congressional Dems point to federal cuts

A Trump administration official endorsed a slate of congressional bills Tuesday targeting cybersecurity in the energy sector while touting the office’s new emphasis on AI-driven cyber defenses. Meanwhile, Democratic members repeatedly pressed him over the cybersecurity and reliability impacts from thousands of job cuts that have taken place at the Department of Energy over the past year.

At a House Energy and Commerce Committee hearing, Alex Fitzsimmons, acting director at the Department of Energy’s Office of Cybersecurity, Energy and Emergency Response (CESER), signaled the administration’s support for a package of bills that would address cybersecurity in the energy sector.

Those bills include the reauthorization of a critical department grant program that funds cybersecurity upgrades for rural utilities, the codification of public-private information sharing partnerships, and a bill that would require states to include resilience and physical and cybersecurity issues in their energy security plans.

Fitzsimmons, who also serves as acting under secretary of energy, said CESER was working to overhaul its strategic focus and implement artificial intelligence tools, including a new program called AI-For Operationally Resilient Technologies and Systems, or AI-FORTS.

“That is prioritizing AI for cyber defense, because as threat actors invest in AI-enabled offensive cyber weapons, we need to be doing everything that we can to use AI and the technological advances of AI” to protect the country’s infrastructure, said Fitzsimmons.

CESER’s budget request for FY 2026 describes AI-FORTS as an “overarching program”  that will use AI “to develop defensive cyber tools, implement active defense measures to disrupt, deter, and recover from cyber attacks, and characterize and counter AI-enabled offensive cyber capabilities from threat actors.”

In support of these goals, the budget request states that the Risk Management Tools and Technology Division “will shift from more traditional cybersecurity R&D to focused research on AI dominance and an ability to operate through compromise.” The document also states that CESER will prioritize its technical resources on energy infrastructure that supports military installations and operations.

Democrats on the committee, meanwhile, repeatedly pressed Fitzsimmons on how CESER and the Department of Energy would implement the bills it endorsed in the wake of thousands of firings and federal departures over the past year.

When Rep. Bob Latta, R-Ohio, who chaired the hearing, asked if CESER had the staff and resources needed to execute any new authorities or duties in the legislation being considered by the committee, Fitzsimmons said “I do, yes.”

When pressed by Rep. Rob Menendez, D-N.J., on whether it was accurate that the Trump administration had fired or removed more than 3,500 Department of Energy staffers since taking office, Fitzsimmons said “sure, that’s a fair number.”

Democrats also decried hundreds of canceled or delayed grants from CESER and the Department of Energy over the past year, accusing the administration of halting the flow of billions of dollars in federal support to electrical utilities that could have been dedicated to cybersecurity.

“I’m hopeful that these cybersecurity bills will be helpful but to be honest…they’re really just a drop in the bucket when you look at the energy reliability problems the Republicans are causing for the American people,” said Rep. Frank Pallone, D-N.J..

Volt Typhoon gets scant attention

Volt Typhoon, the Chinese-linked hacking group U.S. national security officials say has burrowed into critical infrastructure, is often cited as an unprecedented threat — but it drew only scant mention from committee members.

At one point Rep. Jodie Miller-Meeks, R-Iowa, referenced the group when asking about supply chain concerns for battery management systems and other energy industries.

Fitzsimmons said “there clearly is a single point of failure in many supply chains we’re facing,” specifically citing the renewable battery, solar power and critical minerals industries.

“We are actively working to build out the supply chains for those technologies here in the United States, while simultaneously recognizing that a lot of these systems are in the field today and so we should be doing continuous testing of these systems to understand what the cyber vulnerabilities are to equip the private sector…with tools to mitigate threats,” he added.

U.S. national security officials have said Volt Typhoon’s mission is to disrupt U.S. critical infrastructure and deter American involvement if China invades Taiwan. Rep. Julie Fedorchak, R-N.D., asked how CESER was preparing U.S. companies for “a scenario where we have a cyber attack and it escalates alongside geopolitical conflicts.”Fitzsimmons suggested the administration is currently gaming out that scenario with federal agencies and industry, conducting exercises to see “what happens if you have a severe weather event…and you have constrained pipeline capacity, and you have an opportunistic cyber attack from a nation state threat actor.”

“How do you deal with that cascading challenge all at once,” said Fitzsimmons.