Lessons Gleaned from the 2025 Cybersecurity Defense Conference

Lessons Gleaned from the 2025 Cybersecurity Defense Conference

In the face of escalating cyber threats, securing essential public services, particularly in small, underserved communities, presents a significant challenge. This challenge is compounded by federal funding cuts and resource limitations.

Texas's regional security operations centers (RSOCs) offer free cybersecurity incident response services to local governmental entities, but many small municipalities and public-sector organisations lack the necessary funding, cybersecurity expertise, and workforce capacity to implement and maintain robust security systems.

The EPA offers free cybersecurity services, including technical assistance and cybersecurity assessments for water and wastewater utilities, but the dependence on outdated legacy systems and regulatory compliance pressures further hinder their ability to adopt modern security measures.

The administration's decision to end cooperative agreements with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) and Trump's executive order transferring responsibility for cybersecurity preparedness to state and local governments have further complicated the situation.

Private companies can play a greater role in cyber civil defense, particularly by embracing secure-by-design principles. Signal, a private company, is committed to data minimization principles and upholding user privacy through end-to-end encryption.

Congress's unwillingness to reauthorise the State and Local Cybersecurity Grant Program, a federal initiative providing cybersecurity funding to state, local, tribal, and territorial (SLTT) governments, has left a gap in funding.

Addressing these challenges requires a multi-faceted approach. Adopting AI and advanced technologies can enhance security despite limited staff, while collaborative partnerships between public agencies, cybersecurity service providers, industry partners, and federal initiatives can better acquire and deploy modern security solutions and share threat intelligence.

Targeted funding advocacy and sustained investment are crucial to addressing the impact of proposed federal funding cuts. Modernization of IT infrastructure, prioritizing investments to replace legacy systems with secure, resilient platforms tailored to the critical needs of public service providers, is also essential.

Regulatory alignment as an innovation driver can promote the adoption of best practices and drive innovation in cybersecurity practices, particularly in critical infrastructure sectors. Focusing on workforce development, supporting programs like the National Health Service Corps (NHSC) and Teaching Health Center Graduate Medical Education (GME), can help alleviate shortages of skilled cybersecurity and healthcare professionals in underserved communities.

The 2025 Cyber Civil Defense Summit, hosted by CLTC, brought together nearly 200 members of the public interest cybersecurity community to explore how cyber civil defenders can work together to continue advancing their vital work, with or without aid from the federal government. The Summit, which took place on June 11, 2025, at the Ronald Reagan Building and International Trade Center in Washington, D.C., aimed to address the cybersecurity of essential public service providers that lack the budget to secure their networks and systems.

Udbhav Tiwari, Vice President of Strategy and Global Affairs at Signal, spoke about the company's efforts to counter surveillance-based business practices within the tech industry. The central theme of the Summit was the need for tailored cybersecurity regulations and solutions that address the unique constraints of public interest organisations.

The Trump Administration's decision to limit the federal government's role in cyber defense, including by reducing the staff of the Cybersecurity and Infrastructure Security Agency (CISA) and shrinking its budget, has raised concerns about the ability of state and local governments to effectively respond to cyber threats.

In conclusion, securing cybersecurity for essential services in small, underserved communities requires a combination of advanced technology adoption, strategic partnerships, workforce development, and sustained funding to build resilience and equity in public-sector cybersecurity.

1. Despite technology advancements, securing cybersecurity for essential public services in small, underserved communities remains a significant challenge, exacerbated by federal funding cuts and resource limitations.
2. Regional security operations centers (RSOCs) in Texas offer free cybersecurity incident response services, but many small municipalities and public-sector organizations struggle with funding, expertise, and workforce capacity.
3. The EPA provides free cybersecurity services, including assistance for water and wastewater utilities, but their dependence on outdated legacy systems and regulatory compliance pressures hinders adopting modern security measures.
4. The administration's decision to end cooperative agreements with MS-ISAC and EI-ISAC, as well as Trump's executive order transferring cybersecurity preparedness responsibilities, complicate the situation further.
5. Private companies can contribute significantly to cyber civil defense by adopting secure-by-design principles, with firms like Signal emphasizing data minimization principles and user privacy through end-to-end encryption.
6. Congress's unwillingness to reauthorize the State and Local Cybersecurity Grant Program has left a funding void, making it challenging for state, local, tribal, and territorial governments to invest in cybersecurity.
7. To address these challenges, a multifaceted approach is necessary, including AI and advanced technology adoption, collaborative partnerships, targeted funding advocacy, and IT infrastructure modernization to replace legacy systems with secure, resilient platforms.
8. Regulatory alignment, focusing on workforce development for cybersecurity and healthcare professionals, and sharing threat intelligence through collaborative partnerships can promote innovation in cybersecurity practices.
9. The 2025 Cyber Civil Defense Summit highlighted the need for tailored cybersecurity regulations and solutions to address the unique constraints of public-interest organizations, particularly in underserved communities. It underscored the requirement for a combination of advanced technology adoption, strategic partnerships, workforce development, and sustained funding to build resilience and equity in public-sector cybersecurity.

Read also: