Essential Insights Gleaned from the 2025 Cyber Security Defense Symposium

Essential Insights Gleaned from the 2025 Cyber Security Defense Symposium

The Cyber Civil Defense Summit 2025, held on June 11 at the Ronald Reagan Building and International Trade Center in Washington, D.C., brought together nearly 200 members of the public interest cybersecurity community. The theme of the summit was "Collaborative Advantage: Uniting Forces to Achieve More," reflecting the shared goal of enhancing cybersecurity defenses for essential public service providers that often lack the budget to hire cybersecurity talent or purchase necessary tools.

One of the key topics discussed was the unique cybersecurity challenges facing America's water and wastewater infrastructure. The EPA offers free services, including technical cybersecurity assistance and free cybersecurity assessment of water and wastewater utilities' IT and OT systems.

Cybersecurity regulation remains a rare area of bipartisan agreement within state legislatures, but funding remains the largest barrier to passage. In response, the federal government has stepped up its efforts to support under-resourced public agencies. As of August 2025, the federal government is actively funding cybersecurity initiatives through two main grant programs: the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP).

The SLCGP allocates $91.7 million to states and local governments to support cybersecurity planning, hiring expert personnel, exercises, and service improvements. Around 80% of these funds are expected to flow through to local governments, with a required minimum of 25% benefiting rural areas. The TCGP provides $12.1 million to tribal governments for similar cybersecurity improvements. These initiatives collectively provide over $100 million in funding for Fiscal Year 2025.

However, the program’s reauthorization is under debate in Congress, with local governments urging Congress to renew it to maintain and enhance cybersecurity readiness. Eligible state and local entities must submit grant applications by August 15, 2025, and have 48 months to use the funds for cybersecurity projects.

Private companies can play a greater role in cyber civil defense, including by embracing secure-by-design principles. Michael Klein emphasized the importance of companies adopting secure-by-design principles to help 'cyber poor' organizations. Udbhav Tiwari spoke about Signal's mission to uphold user privacy and defend end-to-end encryption, setting a benchmark for what others in the tech industry should do to improve cybersecurity for everyone.

Improving rates of adoption of free cybersecurity resources depends on education, relationship building, and a mindset shift among local leaders. Tony Sauerhoff noted that it is difficult to get entities to participate in free cybersecurity services due to a lack of expertise or understanding. More outreach is needed to raise awareness and convey the value of these resources.

The Summit also highlighted the need for collaboration among cyber civil defenders to continue advancing their vital work, with or without aid from the federal government. Rep. Plaskett argued for updated standards and funding models that better account for the realities of rural healthcare systems, small island utilities, and isolated communities. A 'one-size-fits-all' approach to cybersecurity standards and resourcing often leaves smaller, underserved communities behind.

The administration's decision to end cooperative agreements with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) was a topic of concern. The Trump Administration is also reducing the staff of the Cybersecurity and Infrastructure Security Agency (CISA) by a third and shrinking its budget by 17%.

Despite these challenges, the federal government's commitment to bolstering digital resilience in under-resourced public agencies nationwide is evident. The overall effort represents a strategic federal commitment to recognizing the increasing cyber threats to critical infrastructure and community services. The successful implementation of these initiatives will depend on continued collaboration, education, and resource allocation.

References: [1] Department of Homeland Security. (2025). State and Local Cybersecurity Grant Program. Retrieved from https://www.cisa.gov/slcgp [2] Federal Emergency Management Agency. (2025). Tribal Cybersecurity Grant Program. Retrieved from https://www.fema.gov/tcgp [3] National Association of Counties. (2025). State and Local Cybersecurity Grant Program. Retrieved from https://www.naco.org/resources/state-and-local-cybersecurity-grant-program

1. Discussions at the Cyber Civil Defense Summit 2025 highlighted the unique cybersecurity challenges facing America's water and wastewater infrastructure, with the EPA offering free cybersecurity assistance and assessments.
2. Cybersecurity regulation is a bipartisan agreement in state legislatures, but funding remains the largest barrier to passage, prompting the federal government to fund initiatives like the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP).
3. The SLCGP allocates $91.7 million to states and local governments for cybersecurity planning, hiring expert personnel, exercises, and service improvements, with 80% of funds expected to flow to local governments and a minimum of 25% benefiting rural areas.
4. These cybersecurity initiatives provide over $100 million in funding for Fiscal Year 2025, but their reauthorization is under debate in Congress, with local governments urging renewal to maintain and enhance cybersecurity readiness.
5. Private companies can contribute to cyber civil defense by adopting secure-by-design principles, like Michael Klein emphasized, and by prioritizing user privacy and end-to-end encryption, as Udbhav Tiwari discussed.
6. Improving the adoption of free cybersecurity resources requires education, relationship building, and a mindset shift among local leaders, as highlighted by Tony Sauerhoff.
7. The Summit emphasized the need for continued collaboration among cyber civil defenders to advance their work, addressing the challenges faced by rural healthcare systems, small island utilities, and isolated communities.
8. The administration's decision to end cooperative agreements with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) was a topic of concern, as was the reduction in staff and budget of the Cybersecurity and Infrastructure Security Agency (CISA).
9. Despite these challenges, the federal government's commitment to bolstering digital resilience in under-resourced public agencies is evident, representing a strategic federal commitment to recognizing the increasing cyber threats to critical infrastructure and community services, with the successful implementation of these initiatives depending on continued collaboration, education, and resource allocation. [References available upon request]

Read also: