Insights Gleaned from the 2025 Tech Security Conference

Insights Gleaned from the 2025 Tech Security Conference

The Cyber Civil Defense Summit 2025, held at the Ronald Reagan Building and International Trade Center in Washington, D.C., on June 11, 2025, brought together nearly 200 members of the public interest cybersecurity community. The event, hosted by CLTC, aimed to address the growing concerns surrounding the state of cybersecurity funding for state, local, tribal, and territorial (SLTT) governments in the U.S.

One of the keynote speakers, Congresswoman Stacey E. Plaskett, emphasized the need for special consideration in federal cybersecurity funding formulas for island territories, citing the unique constraints they face.

The current state of cybersecurity funding for SLTT governments is increasingly constrained and uncertain. Over 80% of these governments operate with fewer than five dedicated cybersecurity employees, and 70% cite lack of adequate funding as their top security concern. This tight staffing shortage and insufficient budgets limit their ability to defend critical infrastructure from rapidly increasing cyber threats.

A recent $10 million federal funding cut to the Center for Internet Security (CIS), which aids important information sharing, exacerbates SLTT governments’ resource challenges. More alarmingly, the State and Local Cybersecurity Grant Program (SLCGP), a key federal funding source, is scheduled to expire in September 2025 with Congress unlikely to renew it. This funding expiration leaves vital sectors vulnerable, including community water and wastewater systems, electric utilities, rural hospitals, and K-12 schools—often managed by SLTT governments.

Michael Klein from the Institute for Security and Technology highlighted the need for companies to be more secure by design, while Udbhav Tiwari from Signal called for the protection of secure, private communications as a fundamental utility. Signal, a technology company, emphasized data minimization and end-to-end encryption as essential for cybersecurity.

Some private-sector partnerships aim to support SLTT cybersecurity with advanced solutions—such as Cyware and Carahsoft’s AI-powered threat intelligence tools designed for these governments based on available funding like the SLCGP. Security awareness training has also been shown to reduce phishing risks significantly at relatively low cost, offering a practical defense for understaffed agencies.

However, education, relationship building, and leadership engagement are crucial to improving cybersecurity adoption and readiness. Many SLTT entities, especially in rural areas, lack expertise or awareness to utilize federal aid and cybersecurity resources effectively.

While some states have enacted cybersecurity legislation, these are modest compared to overall needs. Legislative activity reflects a growing awareness but has not yet offset federal funding uncertainties.

In summary, SLTT governments face a critical cybersecurity funding cliff in 2025, leaving essential public service providers increasingly vulnerable amid rising cyberattacks. The funding expiration of the SLCGP, reduced federal cybersecurity cooperation, staffing shortages, and adoption challenges collectively strain SLTT cybersecurity defenses and hamper protection of critical community infrastructure.

More outreach is needed to raise awareness and convey the value of free cybersecurity resources available to under-resourced public agencies. Organizations such as the Environmental Protection Agency offer free cybersecurity assistance and assessments for water and wastewater utilities. Texas's regional security operations centers provide free cybersecurity incident response services to local governmental entities.

The Trump Administration's recent actions, including reducing the staff of the Cybersecurity and Infrastructure Security Agency (CISA) staff by a third and shrinking its budget by 17%, are seen as contributing to this crisis. Industry plays a crucial role in cyber civil defense as vendors of critical infrastructure technology and software, and private companies can contribute to cyber civil defense by adopting secure-by-default principles.

The Cyber Civil Defense Summit 2026 is anticipated, with sponsorship opportunities available. Significant contributors to the 2025 Summit included Craig Newmark Philanthropies, Okta for Good, and Google.org. The theme of the Summit was "Collaborative Advantage: Uniting Forces to Achieve More".

1. Congresswoman Stacey E. Plaskett emphasized the need for special consideration in federal cybersecurity funding formulas for island territories due to unique constraints they face.
2. The current state of cybersecurity funding for state, local, tribal, and territorial (SLTT) governments is increasingly constrained and uncertain.
3. Over 80% of these governments operate with fewer than five dedicated cybersecurity employees, and 70% cite lack of adequate funding as their top security concern.
4. A recent $10 million federal funding cut to the Center for Internet Security (CIS), which aids important information sharing, exacerbates SLTT governments’ resource challenges.
5. The State and Local Cybersecurity Grant Program (SLCGP), a key federal funding source, is scheduled to expire in September 2025 with Congress unlikely to renew it.
6. Private-sector partnerships aim to support SLTT cybersecurity with advanced solutions like Cyware and Carahsoft’s AI-powered threat intelligence tools designed for these governments based on available funding like the SLCGP.
7. Education, relationship building, and leadership engagement are crucial to improving cybersecurity adoption and readiness, especially among rural areas lacking expertise or awareness.
8. While some states have enacted cybersecurity legislation, these are modest compared to overall needs, and legislative activity has not yet offset federal funding uncertainties.
9. The Trump Administration's recent actions, such as reducing the staff of the Cybersecurity and Infrastructure Security Agency (CISA) and shrinking its budget, are seen as contributing to the current crisis in SLTT governments' cybersecurity.

Read also: