Insights Gleaned from the 2025 Cybersecurity Defense Conference

Insights Gleaned from the 2025 Cybersecurity Defense Conference

In the year 2025, federal funding for cybersecurity in critical infrastructure, particularly for smaller and underserved communities, has seen a significant decrease under the Trump administration's policies. This shift has led to budget cuts, staffing reductions, and the elimination of essential free services critical for protecting infrastructure.

One of the most affected agencies is the Cybersecurity and Infrastructure Security Agency (CISA). The agency has lost one-third of its workforce, and programs providing free cybersecurity assistance such as vulnerability scans, expert assessments, and tailored guidance have been drastically scaled back or are at risk of being eliminated.

President Trump signed an executive order in March 2025 that halted previous federal partnership strategies and transferred more responsibility for cybersecurity and physical infrastructure protection to states, emphasizing state and local management of preparedness. This move has led to the ending of funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC), which has provided threat intelligence and cyber support to state, local, territorial, and tribal governments for over two decades.

For underserved and rural communities, federal programs like the U.S. Department of Agriculture’s Rural Loan Program continue to offer some support for cybersecurity equipment and infrastructure, but overall federal funding and direct technical support have declined.

Experts have advocated for continued federal funding for workforce development and technical support programs through CISA and other agencies to help address these gaps.

The reduction in federal support poses risks, particularly to resource-poor localities that previously relied on these federal programs. The fear of funding requirements can lead to the rejection of cybersecurity-related bills, and resistance to new cybersecurity requirements comes from regulated entities that are reluctant to raise their game.

However, state legislatures are leading the way in formulating and advancing prescriptive cybersecurity regulations across critical sectors like electric utilities, water, and healthcare. Cybersecurity-related bills often receive bipartisan, if not unanimous support from both Democratic and Republican lawmakers in state legislatures.

Private companies can also play a greater role in cyber civil defense by embracing secure-by-design principles. The challenge of educating leaders at local government offices about cyber risks and available mitigation options is significant, and more outreach is needed to raise awareness and convey the value of free cybersecurity resources available to under-resourced public agencies.

The Cyber Civil Defense Summit 2025, hosted by CLTC, aimed to address the cybersecurity of essential public service providers that lack the budget to hire cybersecurity talent or purchase necessary tools. The Summit brought together nearly 200 members of the public interest cybersecurity community, with the theme being "Collaborative Advantage: Uniting Forces to Achieve More".

References:

1. [Link to source 1]
2. [Link to source 2]
3. [Link to source 3]
4. [Link to source 4]
5. The University of California, Berkeley has launched an initiative to address the decrease in federal funding for cybersecurity, focusing on technology research, leadership, and innovation in Internet governance and privacy.
6. Amidst budget cuts and staffing reductions at the Cybersecurity and Infrastructure Security Agency (CISA), there is a growing need for education and awareness about cybersecurity in society, particularly in underserved communities.
7. The focus on state and local management of cybersecurity preparedness has opened up opportunities for universities like Berkeley to lead in cybersecurity research and education, providing essential support to resource-poor localities.
8. As federal funding dwindles, there is an increased emphasis on collaboration between universities, private companies, and local governments to ensure the security of critical infrastructure, particularly in the areas of cybersecurity, technology, and policy.
9. In an environment where funding for cybersecurity initiatives is scarce, the cybersecurity landscape in 2025 necessitates innovative solutions and shared resources to address the growing threats to critical infrastructure.
10. The digital world presents a complex and ever-evolving challenge, and the future of our society depends on the ability to maintain a secure internet environment that prioritizes both privacy and security.
11. One of the goals of the Cyber Civil Defense Summit 2025 was to foster collaboration between public service providers, academia, and the private sector to develop practical solutions for enhancing the cybersecurity of essential services.
12. As we navigate the challenges of an increasingly connected world, it is crucial to prioritize the development of effective cybersecurity policies that protect our critical infrastructure while promoting economic growth and innovation.
13. The lack of federal funding for cybersecurity will likely lead to increased reliance on private-public partnerships and collaborative initiatives, such as the one hosted by CLTC, to ensure the safety and resilience of our society's critical infrastructure in the digital age.

Read also: