Congressional oversight of homeland security should be blunt. Twenty four years after the attacks of September 11, 2001 we are not short of anniversaries or speeches. What we are short of are clear priorities and investments that match the threat picture.
This year’s public posture from Capitol Hill has been a predictable mix. The House Homeland Security Committee formally signaled its annual worldwide threats review in late September, an exercise that traditionally gathers DHS, the NCTC, and other national security leaders to talk strategy and capability. That announcement is the right forum for a straight appraisal. But announcements are not the same as follow through.
Congress is responding to concrete tactical gaps. On November 18, the House passed legislation focused on vehicular terrorism prevention and mitigation, a clear admission that low-tech, high-lethality attacks remain a real vector for mass casualty events and require targeted mitigation. Lawmakers are starting to legislate to the problem set. That is necessary. It is not sufficient.
The threat landscape has evolved in three ways that matter to how DHS should be organized and resourced. First, attack economics favor cheap, asymmetric tools. A single vehicle, a small drone swarm, or a few kilograms of unclaimed explosives can inflict mass casualties and civic trauma. Second, the cyber and physical domains are entangled. Attacks on industrial control systems, transportation networks, or supply chains amplify kinetic effects. Third, the information environment radicalizes faster and enables operational planning with low barriers to entry. Oversight hearings must force agencies to show how they are adapting to all three realities.
Here is where DHS hearings routinely miss the mark. They tilt toward political flash points rather than capability gaps. Border enforcement and immigration policy are undeniably part of homeland security. They are not the whole of it. Hearings and public messaging that prioritize politics over a sober examination of counterterrorism tradecraft, intelligence fusion, local partner capacity, and infrastructure resilience will produce charts and press releases but not lower risk. The public wants safety. The machinery of security requires patient, technical investments.
From a practitioner’s perspective the checklist is clear. Rebuild and sustain local counterterrorism capacity through grant programs that fund intelligence analysts, bomb squads, and interagency training. Harden soft targets and mass transit with proven, scalable measures. Invest in CISA and operationalize threat information sharing so that a credible cyber-physical indicator in one jurisdiction produces immediate mitigation actions nationwide. Treat emerging technologies like commercial drones, generative AI, and commodity chemical precursors as force multipliers for adversaries and fund countermeasures now. These are operational steps, not slogans.
Finally, hearings should produce enforceable timelines and metrics. An appearance before a committee that ends with grandstanding and no metrics is worse than no hearing at all. If Congress wants answers it should demand threat-reduction metrics, not talking points. Where DHS cannot produce measurable plans to shrink critical vulnerabilities in 12 months that are backed by funding and delegated authorities, lawmakers should stop taking comfort in statements and start using tools they already have: appropriations, statutory missions, and confirmation levers.
Twenty four years after 9/11 the challenge is not nostalgia. It is disciplined modernization. If lawmakers and DHS leaders treat hearings as performance theaters they will get performance theater. If they use hearings to drive capability and accountability the homeland will be measurably safer. That is a simple, unforgiving fact.