The Department of Homeland Security enters 2025 with a familiar but intensifying set of threats. Expect more pressure on border operations and migration management, continued high-stakes cyber activity against critical infrastructure, expanded concern over commercial unmanned systems, and new policy battlefields around artificial intelligence. This is not a list of hypotheticals. These are active drivers that will shape DHS resource allocation and operational focus in the coming year.

Top lines to watch

1) Border and illicit flows remain a central operational stressor. Congress and the administration have made funding for people, facilities, and removal capabilities a focal point of the FY2025 conversation. DHS leadership has tied border funding directly to operational capacity at the southwest border and to countering trafficking in fentanyl and precursors. Expect continued emphasis on surge staffing, detention and repatriation logistics, and the integration of new surveillance and analytic tools into border operations.

2) Cybersecurity will stay at the top of the docket - both offense and defense. CISA’s work in 2024 hardened the case that cyber risk is the national risk multiplier. The agency recorded thousands of proactive pre-ransomware notifications and rolled out industry-facing programs to reduce vulnerabilities across critical sectors. Look for DHS to press Congress and private partners for sustained funding to scale continuous diagnostics, incident reporting, and vulnerability mitigation for industrial control systems. Operational emphasis will remain on disruption of ransomware kill-chains and rapid distribution of mitigations to state, local, tribal and territorial partners.

3) Drones and other low-cost commercial systems will get bigger policy weight. Federal guidance and congressional action in 2024 signaled a shift from treating drones as niche tools to treating them as a systemic risk. CISA and the FBI published guidance warning that Chinese-manufactured unmanned aircraft systems can create cybersecurity and supply chain exposure for critical infrastructure owners and operators. That guidance, and subsequent legislative steps limiting procurement of certain foreign-made UAS, will push DHS to invest more in counter-UAS detection, authorized defeat capabilities, and procurement controls. Expect a harder line on fleet origin, tighter policies for federal grants that fund UAS purchases, and pressure on state and local agencies to inventory and mitigate UAS-related risks.

4) AI is moving from conceptual risk to operational challenge. DHS signaled an intent to institutionalize AI governance by funding a Chief AI Officer and recruiting technical expertise for an AI corps. That is sensible. AI tools will be used by defenders and attackers alike to scale reconnaissance, craft deepfakes for influence operations, and automate exploitation workflows. DHS will need clear standards for responsible procurement, validated detection tools for synthetic content, and rapid-sharing channels with industry to identify malicious AI-enabled campaigns. Without those, the speed advantage will be on the side of adversaries.

5) WMD and CBRN preparedness will remain a steady requirement. The FY2025 resource outline includes funding increases for the Countering Weapons of Mass Destruction Office and programs to improve technical CBRN readiness. That funding matters because chemical, biological, radiological, and nuclear threats are low-probability but high-consequence. DHS will be asked to sustain prevention, detection, and response capabilities while also improving private sector engagement and information sharing.

Where DHS should prioritize hard choices

1) Apply money where it buys measurable operational capacity. Short-term surge hiring without sustainable career paths and technology life-cycle funding is a recipe for rapid burnout and capability collapse. Invest in frontline personnel, then follow through with training, retention incentives, and mission-tailored technology procurement that includes maintenance and upgrades.

2) Treat CISA as the national glue for public-private defense. CISA’s 2024 efforts show the agency can coordinate pre-ransomware notifications and push secure-by-design principles effectively. DHS should empower and resource CISA to expand real-time sharing with critical infrastructure operators and to operationalize its advisory role into scalable services for state and local partners. That means funding more sustained, not episodic, incident support teams and expanding the Protective DNS and threat alert capabilities.

3) Harden procurement and supply chain decisions now. The UAS guidance and congressional action in 2024 created momentum to restrict certain foreign-made systems in sensitive roles. DHS must enforce strict standards for technologies that touch critical infrastructure or sensitive operations. That includes pre-award security vetting, post-deployment telemetry restrictions, and grant conditions that prohibit use of higher-risk foreign-made components. The cost of delay is exposure and a longer remediation bill.

4) Move AI policy from playbook to testable controls. Funding a CAIO and hiring AI specialists are necessary first steps. The next steps are threat-informed AI risk assessments for each critical infrastructure sector, mandatory red-teaming for high-risk systems used in essential services, and standardized audit trails for automated decision systems used in national security operations. These are not academic exercises. They are operational risk controls.

5) Balance deterrence and resilience for asymmetric threats. Adversaries and opportunistic actors are increasingly enabled by cheap, widely available tools. Countermeasures must be layered: attribute and impose costs where possible, but assume some attacks will succeed and invest heavily in rapid recovery capabilities. Resilience is not a consolation prize. It is the principal deterrent against prolonged disruption.

A short checklist for DHS leaders in 2025

  • Finalize and resource a multi-year plan tying border funding to measurable removal and processing outcomes.
  • Scale CISA operational teams for pre-incident notifications and sector-specific rapid response.
  • Implement tighter controls on UAS procurement for federal and grant-funded use; expand counter-UAS detection for high-risk sites.
  • Operationalize AI governance with red-team requirements, shared detection tools, and sector risk assessments.
  • Prioritize sustainment funding for critical infrastructure recovery capabilities and CBRN readiness.

Bottom line

DHS will not face a single novel monster in 2025. It will face multiple, concurrently operating risk vectors that exploit speed, scale, and cheap access to advanced tools. That forces a triage decision: do you double down on short-term fixes or invest in durable systems that raise the cost of attack and shorten recovery times? The latter requires discipline, money, and an acceptance that risk reduction is an ongoing campaign. Be blunt about tradeoffs, prioritize capacity that directly prevents or materially reduces downtime, and treat public-private partnerships as operational assets, not optional outreach.