U.S. House Homeland Security Appropriations Bill Seeks to Modernize Border Infrastructure Security with Proactive OT/IT Security Measures

The FY 2026 House Homeland Security Appropriations Bill highlights growing focus in Congress on protecting border infrastructure from cyber threats. The directive to implement continuous monitoring and real-time threat intelligence reflects a broader push toward modern, preventive cybersecurity across federal agencies.

As the digital and physical worlds become increasingly intertwined, the technologies used to protect national borders — once largely isolated — are now connected, intelligent and, unfortunately, more vulnerable than ever. Surveillance systems and cameras, biometric scanners, drones and other operational technology (OT) systems have become essential components of modern border protection. But with their growing capabilities comes an urgent need to secure them against cyber threats.

Today’s cybersecurity landscape demands more than just IT protection. The OT and internet of things (IoT) environments that underpin essential services, especially at the border, must be integral to any modern security strategy.

A legislative signal: Border security in the spotlight

Recent developments in Congress underscore a significant policy direction. The House Appropriations Committee recently passed its version of the FY 2026 (FY26) House Homeland Security Appropriations Bill. The bill places a clear focus on securing border infrastructure through proactive cybersecurity measures. This momentum builds on broader federal cybersecurity efforts, including:

• Executive Order 14306 reinforcing critical infrastructure defenses in response to escalating nation-state cyber threats
• Transportation Security Administration (TSA) security directives targeting OT in pipeline, rail and aviation infrastructure
• The Cybersecurity and Infrastructure Security Agency (CISA) Binding Operation Directive 23-01 requiring comprehensive asset visibility across IT, OT and IoT
• The Office of Management and Budget (OMB) Memorandum M-24-04, mandating inventories of all IoT and OT devices

While the FY26 House Homeland Security Appropriations Bill still needs to pass the House floor, the Senate, and be signed into law by the President, its language sends a strong signal: OT systems are no longer cybersecurity afterthoughts — they are national security imperatives.

A clear mandate for proactive security

The bill specifically encourages U.S. Customs and Border Protection (CBP) to "implement a proactive strategy to support real-time threat intelligence, risk-based prioritization, and continuous monitoring of critical border security technologies." This is a powerful statement, emphasizing a move away from reactive incident response to a more preventive and adaptive security posture.

It also directs CBP to brief Congress on its efforts to "assess, prioritize, and mitigate cybersecurity vulnerabilities and misconfigurations across all IT, OT, and IoT assets within the border security technology ecosystem." The directive explicitly calls for a holistic view of the attack surface, acknowledging that security gaps in OT and IoT systems can pose as significant a risk as those in traditional IT.

Why this matters for federal agencies

Border technologies do more than monitor perimeters, they enable the entire infrastructure of U.S. border operations. These systems help detect illegal crossings, track cargo, identify high-risk individuals and facilitate lawful trade and travel. A cyber attack on these systems isn’t just a technical problem, it’s a national security risk. Disruptions could impair real-time situational awareness, halt operations at ports of entry and potentially allow bad actors to bypass detection.

Congressional focus on OT/IoT security at the federal level is a significant step forward for several reasons:

• Elevating OT/IoT to national priority: The bill validates what many in the cybersecurity community have long recognized: that OT and IoT systems are core components of critical infrastructure and must be secured accordingly.
• Driving a proactive approach: The emphasis on "proactive strategy," "real-time threat intelligence," "risk-based prioritization" and "continuous monitoring" reflect modern cybersecurity best practices. It’s a clear move from reactive defenses to proactive exposure management.
• Encouraging comprehensive visibility: Today’s border systems don’t operate in isolation. They’re part of a broader ecosystem that includes IT networks, cloud platforms, OT and IoT devices. Directing CBP to secure all IT, OT and IoT assets reinforces the need for complete visibility across the entire attack surface because you can't secure what you can't see.
• Safeguarding data privacy and operational continuity: Border security systems handle highly sensitive data — including biometric records, surveillance footage and traveler information — making them a prime target for attacks. The bill’s language underscores the need for strong, proactive controls to protect data and avoid operational interruptions.
• Setting a precedent for broader federal security: The language within the Homeland Security bill can serve as a strong indicator for other federal agencies and departments regarding the increasing importance of securing their own OT and IoT deployments. This ripple effect could lead to a broader enhancement of critical infrastructure security across the U.S. and inspire similar initiatives globally.

Beyond the border: A broader commitment to cyber resilience

In addition to the border security language, the FY26 House Homeland Security Appropriations Act also includes several other crucial cybersecurity initiatives relevant to a secure federal attack surface:

1. Advancing CDM capabilities: This bill supports strengthening foundational security initiatives like piloting next gen technologies- like OT asset discovery and integration into the Continuous Diagnostics and Mitigation (CDM) program.
2. Embracing modern security paradigms: The bill encourages the adoption of cutting-edge security approaches such as AI-powered security and detection tools, application-based IoT discovery, cloud security, Zero Trust Architecture (ZTA) and post-quantum cryptography, highlighting a commitment to modern, adaptive defense models.
3. Supply chain and critical infrastructure protection: The bill directs CISA to focus on the most vital critical infrastructure sectors, explore new services like supply-chain vendor certification and real-time risk monitoring and assess a cyber readiness pilot for DHS contractors.

What this means for Tenable U.S. customers

The FY26 House Homeland Security Appropriations Bill reinforces a critical national priority: safeguarding the cyber integrity of U.S. border security technology and homeland security systems. This aligns closely with Tenable’s mission to support federal agencies in gaining visibility, understanding risk and proactively strengthening their cybersecurity posture.

As agencies like CBP deploy advanced technological solutions, the need for trusted, capable partners becomes even more vital. Tenable is committed to standing alongside our federal partners — not just as a technology provider but as a mission ally in defending the systems that protect U.S. borders and, ultimately, the nation’s national resilience. Because securing border technologies isn’t just about protecting entry points — it’s about setting a standard for how critical infrastructure is secured across the country.

Learn more

• Explore Tenable solutions for government
• Learn more about Tenable One FedRAMP
• Learn more about Tenable OT Security
• Request a demo