Essential Insights Gleaned from the 2025 Cybersecurity Defense Conference

Essential Insights Gleaned from the 2025 Cybersecurity Defense Conference

In a significant move, the Trump administration has ended cooperative agreements with MS-ISAC and EI-ISAC, transferring responsibility for cybersecurity preparedness to state and local governments [1]. This change comes as federal funding for cybersecurity initiatives protecting critical infrastructure in the United States experiences significant cuts, with the Cybersecurity and Infrastructure Security Agency (CISA) workforce reducing by about one-third and many contracts ending [1].

The current state of federal funding for critical infrastructure cybersecurity initiatives is concerning. Over the past six months, federal cyber support has diminished, potentially increasing vulnerabilities in critical infrastructure for cyberattacks [1]. However, some federal cybersecurity programs continue to receive targeted support. For example, the Department of Energy’s multi-year Consequence-Driven Cyber-Informed Engineering (CCE) program has grown steadily since 2018, supporting advanced training and security engagements with utilities and defense installations to mitigate cyber risks [2].

The Trump administration's moves jeopardize federal agencies' ability to help operators by offering essential free services like vulnerability scans, expert assessments, and tailored guidance [1]. This shift risks undermining coordinated national defense against cyber threats across vital sectors [1][2].

Recent proposals by the federal government include an AI Information Sharing and Analysis Center led by the Department of Homeland Security and new technical standards developed by agencies like the Department of Defense and NIST [3][4]. These initiatives aim to address emerging threats like those to AI systems used in critical infrastructure.

The potential impacts of reduced funding or changes in federal leadership are significant. Weakened federal coordination and support for critical infrastructure operators could leave them more exposed to cyber threats [1]. Greater reliance on states and local governments could lead to inconsistent cybersecurity postures across jurisdictions [1]. Increased cybersecurity vulnerabilities in critical sectors such as energy, utilities, and health could raise the risk of successful cyberattacks with potential wide-reaching consequences for public safety and economic stability [1][2].

The Cyber Civil Defense Summit 2025, hosted by CLTC at the Ronald Reagan Building and International Trade Center in Washington, D.C., aimed to address these issues by exploring how cyber civil defenders can work together to continue advancing their vital work, with or without aid from the federal government [5]. The Summit brought together nearly 200 members of the public interest cybersecurity community [6].

Udbhav Tiwari, from Signal, highlighted the company's commitment to data minimization principles and its efforts to counter surveillance-based business practices at the Summit [7]. Michael Klein emphasized the importance of vendors in critical infrastructure sectors adopting secure-by-design principles [8]. Organizations like the Environmental Protection Agency (EPA) offer free cybersecurity assistance and assessments to water and wastewater utilities [9].

However, more outreach is needed to raise awareness about free cybersecurity resources available to under-resourced public agencies. Texas's regional security operations centers (RSOCs) provide free cybersecurity incident response services to local governmental entities, but getting entities to participate is challenging [10]. A 'one-size-fits-all' approach to cybersecurity standards and resourcing often leaves smaller, underserved communities behind [10].

In light of these challenges, private companies can play a greater role in cyber civil defense by embracing secure-by-design principles. Sen. Brown's proposed Cybersecurity Task Force bill initially aimed to create a risk pool for schools for cybersecurity insurance, but funding concerns prevented its implementation [11]. The bill's failure underscores the need for continued efforts to address the cybersecurity needs of essential public service providers that lack the budget to secure their networks and systems [12].

In conclusion, the current shifts in federal funding for critical infrastructure cybersecurity initiatives pose significant risks to the nation's cybersecurity posture. Continued program support in specialized areas like the Department of Energy’s CCE provides some resilience, but overall, these funding and leadership changes pose significant risks [1][2][4]. As the federal government continues to reevaluate its role in cyber defense, it is crucial to ensure that critical infrastructure remains protected and that cyber civil defenders have the resources they need to continue their vital work.

[1] https://www.cyberscoop.com/cybersecurity-infrastructure-security-agency-cisa-staff-cuts-budget/ [2] https://www.energy.gov/articles/doe-invests-40-million-cybersecurity-utilities [3] https://www.nextgov.com/ai/articles/2021/03/dhs-plans-ai-information-sharing-center-fight-cybersecurity/168307/ [4] https://www.nextgov.com/cybersecurity/articles/2021/04/dhs-nist-and-dod-plan-new-cybersecurity-standards-ai-systems/168636/ [5] https://www.cltc.org/events/cyber-civil-defense-summit-2025 [6] https://www.cltc.org/events/cyber-civil-defense-summit-2025 [7] https://www.signal.org/blog/signal-at-the-cyber-civil-defense-summit/ [8] https://www.linkedin.com/pulse/cyber-civil-defense-summit-michael-klein/ [9] https://www.epa.gov/cybersecurity/epa-cybersecurity-assistance-program [10] https://www.texasborder.org/texas-border-security-council-announces-new-regional-security-operations-center-partnership-with-the-san-antonio-metropolitan-police-department [11] https://www.congress.gov/bill/117th-congress/senate-bill/1607/actions [12] https://www.congress.gov/bill/117th-congress/senate-bill/1607/text

1. Policy discussions about the future of critical infrastructure cybersecurity education in society highlight the need for increase in funding and support from both the federal government and private sector.
2. The University of California, Berkeley, recently launched an initiative aiming to promote research and innovation in cybersecurity technology, particularly focused on issues related to internet privacy and governance.
3. As the critical infrastructure sector becomes increasingly dependent on technology, it is crucial that investment in cybersecurity measures is prioritized, following the leadership set by initiatives like the one at Berkeley.
4. A leading concern in the changing cybersecurity landscape is the potential for increased cyberattacks on vital sectors such as the environment and healthcare, which could have widespread and devastating effects on individuals and society.
5. In order to mitigate these risks, it is essential that security measures and policies are put in place, ensuring that our cities, buildings, and energy facilities remain secure, now and in the future.
6. The University of Berkeley's cybersecurity initiative aims to bring together experts from various fields, including academia, industry, and government, to collaborate on strategies for enhancing the security of the internet and critical infrastructure.
7. These partnerships between institutions, businesses, and government bodies will be key in developing effective policies and technologies for the protection of the ever-evolving cyber landscape.
8. As the responsibility for federal cybersecurity preparedness shifts from the administration to state and local governments, there is a growing need for strong leadership and coordination in the implementation of cybersecurity policies and initiatives across all jurisdictions.
9. The ongoing efforts to address the challenges presented by the changing cybersecurity landscape represent a fundamental step in ensuring the security and prosperity of our nation, and all future generations.

Read also: