Insights Gleaned from the 2025 Cyber Security Defense Summit

Insights Gleaned from the 2025 Cyber Security Defense Summit

In a bid to bolster cybersecurity for essential public services, particularly those lacking the budget for cybersecurity talent and tools, the Cyber Civil Defense Summit was held recently. The summit aimed to bring together members of the public interest cybersecurity community, with nearly 200 attendees participating.

The focus of the summit was on exploring ways in which cyber civil defenders could collaborate to advance their crucial work, regardless of federal government support. This collaborative approach was encapsulated in the theme of the event, "Collaborative Advantage: Uniting Forces to Achieve More."

On the federal front, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) have taken the lead in providing significant grant programs to support cybersecurity for essential public service providers. For fiscal year 2025, these programs amount to over $100 million.

The State and Local Cybersecurity Grant Program (SLCGP) provides $91.7 million for state and local governments to enhance their cybersecurity capabilities. The Tribal Cybersecurity Grant Program (TCGP), on the other hand, allocates $12.1 million specifically for tribal governments, tailoring its goals to meet the unique needs of these communities.

These programs are part of a broader, historic federal effort initiated under the Infrastructure Investment and Jobs Act of 2021. Key features include targeted support for underserved communities, flexibility in uses, and a multi-year commitment, with over $1 billion planned to be distributed over four years.

However, it's important to note that Congress is unlikely to reauthorize the State and Local Cybersecurity Grant Program, a federal initiative providing cybersecurity funding to state, local, tribal, and territorial (SLTT) governments. This underscores the need for continued advocacy and outreach to raise awareness about these valuable resources.

The need for cybersecurity regulation and funding goes hand-in-hand with setting regulated entities up for success when they are required to comply with new standards. The Trump Administration, for instance, signed an executive order that transferred responsibility for cybersecurity preparedness to state and local governments.

Yet, the Administration's stance on cyber defense has since shifted, with the federal government limiting its role, as seen in the reduction of CISA's staff and budget, and the ending of cooperative agreements with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

Private companies can also play a significant role in cyber civil defense. They can do this by adopting secure-by-design principles, contributing to the collective effort to enhance cyber resilience.

Moreover, entities' participation in free cybersecurity services can be a challenge due to a lack of expertise or understanding among local leaders. Improving rates of adoption depends on education, relationship building, and a mindset shift among these leaders.

For instance, Texas's regional security operations centers offer free cybersecurity incident response services to local governmental entities. Similarly, the Environmental Protection Agency (EPA) offers free cybersecurity assistance and assessment for water and wastewater utilities' IT and OT systems.

Rep. Plaskett has argued for updated standards and funding models that better account for the realities of rural healthcare systems, small island utilities, and isolated communities. A 'one-size-fits-all' approach to cybersecurity standards and resourcing often leaves smaller, underserved communities behind.

In summary, while the federal government's role in cyber defense may be evolving, initiatives like the State and Local Cybersecurity Grant Program and the Tribal Cybersecurity Grant Program are making a substantial difference in enhancing the cyber resilience of essential public services, particularly those in underserved communities. Private companies and local governments also have a crucial role to play in this ongoing effort.

[1] Source: https://www.cisa.gov/slcgp [2] Source: https://www.fema.gov/media-release/20210429/fema-and-cisa-announce-nearly-1-billion-in-cybersecurity-grant-funding-for-states-local-tribal-and-territorial-governments [3] Source: https://www.cisa.gov/press-release/cisa-announces-nearly-1-billion-in-cybersecurity-grant-funding-states-local-tribal-and [4] Source: https://www.cisa.gov/slcgp/grant-program-guidelines [5] Source: https://www.cisa.gov/tribal-cybersecurity-grant-program

1. To address the lack of cybersecurity resources in essential public services, the Cyber Civil Defense Summit emphasized collaboration among cyber civil defenders as a crucial approach.
2. The theme of the summit, "Collaborative Advantage: Uniting Forces to Achieve More," encapsulates this collaborative approach to cybersecurity.
3. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) are leading federal initiatives, offering over $100 million in grant programs for FY 2025.
4. The State and Local Cybersecurity Grant Program provides $91.7 million for state and local governments, while the Tribal Cybersecurity Grant Program allocates $12.1 million for tribal governments.
5. These federal initiatives are part of the broader Infrastructure Investment and Jobs Act, with a focus on supporting underserved communities, flexibility, and a multi-year commitment.
6. However, Congress is unlikely to reauthorize the State and Local Cybersecurity Grant Program, highlighting the need for advocacy and outreach.
7. The Trump Administration transferred responsibility for cybersecurity preparedness to state and local governments, but the federal government's role has since shifted, with potential impacts on cyber defense.
8. Private companies can contribute to cyber civil defense by adopting secure-by-design principles and participating in collectives aimed at enhancing cyber resilience.
9. Adoption of free cybersecurity services by local governments can be challenging due to a lack of expertise among local leaders, requiring education, relationship building, and a mindset shift.
10. Texas's regional security operations centers and the Environmental Protection Agency offer free cybersecurity incident response services and assistance to local governmental entities and water and wastewater utilities, respectively.
11. Rep. Plaskett advocates for updated standards and funding models that better account for the unique needs and realities of rural healthcare systems, small island utilities, and isolated communities.

Read also: