Insights Gleaned from the 2025 Cyber Civil Security Symposium

Insights Gleaned from the 2025 Cyber Civil Security Symposium

In the ever-evolving landscape of cybersecurity, the Cyber Civil Defense Summit, held on June 11, 2025, at the Ronald Reagan Building and International Trade Center in Washington, D.C., brought together 200 members of the public interest cybersecurity community to discuss and address the unique challenges faced by essential public service providers operating with limited budgets.

Udbhav Tiwari, a prominent figure in the tech industry, spoke about Signal's commitment to data minimization principles and its efforts to counter surveillance-based business practices within the tech industry. His words resonated with the attendees, who were primarily leaders from academia, government, and industry, all positioned at the forefront of grassroots efforts to secure the systems and networks of critical infrastructure.

The summit aimed to address questions around the cybersecurity of essential public service providers that lack the budget to hire cybersecurity talent or purchase necessary tools. Secure-by-design principles were highlighted as a potential solution to shift the burden away from under-resourced organizations.

State and local governments are collaborating with private companies to tackle these challenges. For example, New York State has proposed new cybersecurity regulations for its public water systems, paired with a $2.5 million grant program to support infrastructure upgrades and cybersecurity defenses. This approach specifically targets local governments, which own many public water systems serving smaller communities, addressing their limited resources and critical needs.

The Cybersecurity and Infrastructure Security Agency (CISA) plays a central role in fostering innovative, collaborative partnerships between government entities and the private sector. They work closely with state, local, tribal, and territorial (SLTT) governments to build cybersecurity capacity and promote best practices tailored to different community needs.

However, collaborative initiatives face challenges. For instance, CISA’s Joint Cyber Defense Collaborative (JCDC), a key program designed to coordinate public-private efforts to combat cyber threats, recently suffered a significant loss of contractor personnel due to a contract lapse. This temporarily reduces its capacity to support coordinated defense activities and information sharing, which can affect its ability to assist vulnerable service providers nationwide.

Research and thought leadership highlight the concept of a "Cyber Poverty Line," reflecting how underfunded and resource-constrained organizations—common among rural and smaller public service entities—face disproportionately high cyber risks because they lack the capacity for robust defense or rapid recovery. This underscores the importance of targeted resources, flexible funding, and tailored cybersecurity support to protect essential services in these communities.

The administration, however, is reversing course and limiting the federal government's role in cyber defense. The Trump Administration has ended cooperative agreements with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). Private companies are encouraged to play a greater role in cyber civil defense, including by embracing secure-by-design principles.

Despite these challenges, the Cyber Civil Defense Summit emphasized the need for tailored cybersecurity regulations and solutions that address the unique constraints of public interest organizations. Cybersecurity regulation remains a rare area of bipartisan agreement within state legislatures, but funding remains the largest barrier to passage.

More outreach is needed to raise awareness and convey the value of free cybersecurity resources available to under-resourced public agencies. Free cybersecurity services are available for organizations operating on the 'cyber poverty line,' such as cyber volunteering initiatives, university-based cybersecurity clinics, and government-provided services. Texas's regional security operations centers offer free cybersecurity incident response services to local governmental entities.

In summary, collaboration is occurring through regulations with funding support, federal agency partnerships led by CISA, and efforts to understand and address structural inequities in cyber defenses for vulnerable populations. Yet, ongoing resource constraints and capacity issues remain critical barriers to comprehensive cybersecurity for essential public services on limited budgets. The theme of this year's summit, Collaborative Advantage: Uniting Forces to Achieve More, encapsulates the spirit of the event, emphasizing the importance of unity and collaboration in the face of these challenges.

1. Udbhav Tiwari, a notable figure in the tech industry, discussed Signal's dedication to data minimization principles and their endeavors to combat surveillance-based business practices within the tech sector.
2. The Cyber Civil Defense Summit, attended by 200 members of the public interest cybersecurity community, focused on the challenges faced by essential public service providers operating with limited budgets.
3. The summit emphasized the potential of secure-by-design principles to alleviate the burden on under-resourced organizations regarding cybersecurity.
4. State and local governments are teaming up with private companies to tackle these challenges, with New York State proposing new cybersecurity regulations for its public water systems and providing a $2.5 million grant program for infrastructure upgrades and cybersecurity defenses.
5. The Cybersecurity and Infrastructure Security Agency (CISA) promotes innovative, collaborative partnerships between government entities and the private sector, focusing on building cybersecurity capacity and promoting best practices.
6. However, collaborative initiatives like CISA’s Joint Cyber Defense Collaborative (JCDC) have faced challenges, including a loss of contractor personnel due to a contract lapse that temporarily reduced its capacity.
7. Research has highlighted the existence of a "Cyber Poverty Line," referring to the increased cyber risks faced by underfunded and resource-constrained organizations, many of which are rural and smaller public service entities.
8. The Trump Administration has halted cooperative agreements with Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), encouraging private companies to play a greater role in cyber civil defense.
9. State legislatures maintain bipartisan agreement on cybersecurity regulation, although funding continues to be the primary obstacle to its implementation.
10. More awareness and appreciation for free cybersecurity resources available to under-resourced public agencies are needed, such as cyber volunteering initiatives, university-based cybersecurity clinics, and government-provided services like those offered by Texas's regional security operations centers.
11. The Cyber Civil Defense Summit stressed the importance of tailored cybersecurity regulations and solutions that cater to the unique challenges faced by public interest organizations, with unity and collaboration being crucial in overcoming the persistent barriers to comprehensive cybersecurity for essential public services on limited budgets.

Read also: