States assuming control over cybersecurity, under Trump's new strategy.
In the modern world, the threat of cyberattacks has become a significant concern for state and local governments, with cybercriminals increasingly targeting critical infrastructure and expanding their activities. Despite earlier doubts, the reality is that digital chaos now looms large, with enemies ranging from terrorist groups and cartels to kids just learning how to hack.
From healthcare facilities to court systems, governments across the nation are grappling with escalating cyberthreats. These threats encompass critical infrastructure threats, increased foreign actor activity, relentless ransomware attacks, and more, according to a recent report from the Multi-State Information Sharing and Analysis Center.
However, the situation has taken a turn for the worse as the federal government shifts some responsibilities onto states and localities to improve their infrastructure and address risks, including cybercrimes. Meanwhile, federal cuts have reduced resources for state and local officials, such as a cybersecurity grant program and a key cybersecurity agency.
Local governments and law enforcement agencies face a daunting challenge as they focus on acquiring essential tools like cars, guns, and protective gear. Despite the growing importance of cybersecurity due to the increasing digitization of government services and data, a national shortage of cybersecurity experts - especially at the local level - poses a significant hurdle.
Attacks are a constant and increasing occurrence, with high-profile incidents like the major cyberattack in Rhode Island that forced the state to take down its online portal for residents to obtain Medicaid benefits and SNAP, and subsequent breaches of the computer network of the Fall River School District in Massachusetts.
In 2023, only 22 out of 48 participating states in the Nationwide Cybersecurity Review reached or surpassed the recommended levels of security in their systems, underscoring a lack of preparedness.
As the federal government withdraws its support, states and localities are struggling to adapt. Measures like establishing new penalties for tampering with critical infrastructure, centralizing state IT personnel, and setting standards in various sectors offer a glimmer of hope.
However, these efforts are overshadowed by concerns regarding the Trump order, federal funding cuts, the shortage of IT experts at the local level, and insufficient preparedness. The expiration of the State and Local Cybersecurity Grant Program without plans for renewal further complicates matters and highlights the necessity of reauthorization by Congress.
The Mix-State Information Sharing and Analysis Center, a vital collaboration between CISA and the Center for Internet Security, saw some of its federal funding for certain programs cut recently. In striving to counter emerging threats, counties are still struggling to find resources to protect their infrastructure, despite relying on a multitude of federal resources.
In Indiana, for instance, state Sen. Liz Brown filed legislation encouraging state agencies and groups to develop cybersecurity policies, an effort that has received bipartisan support. Meanwhile, in New Mexico, Democratic state Sen. Michael Padilla championed the creation of the state's office of cybersecurity and believes New Mexico is well-prepared to fend off cyberattacks.
AI-driven defenses, zero-trust architecture, and the National Resilience Strategy present promising solutions to the escalating cybersecurity challenges. The March 2025 Trump Administration EO emphasizes state and local preparedness for cyberattacks and extreme weather, while the National Risk Register prioritizes efficiency through streamlined federal policies.
However, concerns remain about insufficient support for implementation, particularly as CISA faces staffing reductions that could dent its advisory role and undermine threat response efforts. Budget constraints and political turbulence further complicate workforce retention and threat mitigation efforts, potentially leaving state and local entities struggling to fully embrace advanced frameworks.
- The government's shifting focus towards cybersecurity has become crucial as critical infrastructure becomes increasingly vulnerable to cyberattacks.
- Healthcare facilities have become a prime target for these cybercriminals, posing a significant threat to individuals' health data.
- Despite the growing importance, there is a national shortage of cybersecurity experts, especially at the local level, creating a significant hurdle.
- Local law enforcement agencies often face a daunting challenge in acquiring the essential tools for cybersecurity, alongside traditional equipment like cars, guns, and protective gear.
- Schools and hospitals have also been victimized by cyberattacks, causing disruptions in services and potentially compromising sensitive information.
- The efficacy of law enforcement in dealing with cybercrime is hampered by insufficient resources, particularly in light of federal budget cuts and the withdrawal of federal support.
- Various states have taken initiatives, such as establishing new penalties for tampering with critical infrastructure and setting standards in various sectors, to combat these threats.
- The expiration of the State and Local Cybersecurity Grant Program without plans for renewal has added to the challenges faced by state and local governments in addressing these issues.
- The Multi-State Information Sharing and Analysis Center, a collaborative effort between CISA and the Center for Internet Security, has seen funding cuts for certain programs, making it harder to address emerging threats.
- In response, states like Indiana and New Mexico have initiated measures to improve their cybersecurity preparedness, with bipartisan support and the creation of state offices of cybersecurity.
- Solutions like AI-driven defenses, zero-trust architecture, and the National Resilience Strategy offer promise in countering these escalating cybersecurity challenges, but concerns remain about insufficient support for implementation and workforce retention.
