Insights Gleaned from the 2025 Cybersecurity Defense Conference

Insights Gleaned from the 2025 Cybersecurity Defense Conference

State Legislatures Address Cybersecurity in Essential Public Services

In the realm of cybersecurity, state legislatures across the United States have been taking significant strides to enhance the protection of essential public services. The Cyber Civil Defense Summit 2025, held in Washington, D.C., brought together key figures from academia, government, and industry to discuss these developments.

One of the key issues addressed was the strengthening of cybersecurity for essential public service providers that lack the budget to hire cybersecurity talent or purchase necessary tools. According to Tony Sauerhoff, CISO for the State of Texas, improving rates of adoption depends not just on funding, but also on education, relationship building, and a mindset shift among local leaders.

In response, several states have taken steps to create centralized cybersecurity authorities to coordinate readiness and incident response across public-sector entities. For example, Texas established the Texas Cyber Command in 2025, which consolidates cybersecurity functions for state agencies and public institutions to enhance coordination, threat response, and readiness.

State legislatures have also been focusing on establishing governance structures, coordinated leadership, and strategic cybersecurity plans. In 2025, about 27% of state legislative actions on cybersecurity were focused on creating leadership and governance frameworks within organizations serving the public to oversee cybersecurity coordination and programs.

Moreover, states are aligning with federal grants and planning requirements such as the State and Local Cybersecurity Grant Program (SLCGP) by developing approved statewide cybersecurity plans. These plans must incorporate protections against cybersecurity risks across state, local, and tribal systems and outline responsibilities, resource needs, project summaries, and metrics to measure progress in cybersecurity efforts.

While direct sector-specific mandates vary by state, the general legislative emphasis is on governance and leadership, centralized coordination entities, mandated cybersecurity planning and compliance, and the promotion of cybersecurity best practices and workforce development within state and local government agencies.

The Summit also highlighted the need for tailored cybersecurity regulations and solutions that address the unique constraints of public interest organizations. Rep. Plaskett argued for updated standards and funding models that better account for the realities of rural healthcare systems, small island utilities, and isolated communities.

However, funding remains a significant barrier to the passage of cybersecurity-related regulation. Congress is unlikely to reauthorize the State and Local Cybersecurity Grant Program, a federal initiative providing cybersecurity funding to state, local, tribal, and territorial governments. The administration has reduced the staff of the Cybersecurity and Infrastructure Security Agency (CISA) by a third and shrunk its budget by 17%.

Despite these challenges, private companies can play a greater role in cyber civil defense by embracing secure-by-design principles. Udbhav Tiwari, Vice President of Strategy and Global Affairs at Signal, emphasized the importance of end-to-end encryption as the default, and Signal's commitment to data minimization principles and countering surveillance-based business practices.

In conclusion, state legislatures are addressing cybersecurity in essential public service providers by establishing governance structures, creating centralized coordination bodies for public-sector cybersecurity operations, mandating strategic cybersecurity planning aligned with federal frameworks, and promoting best practices in critical sectors like electric utilities, water, and healthcare mainly via governance and coordination rather than prescriptive regulations on technology choices or penalties in the private sector. The Cyber Civil Defense Summit 2025 underscored the need for continued collaboration and outreach to overcome funding barriers and raise awareness about the value of free cybersecurity resources available to under-resourced public agencies.

References:

1. State and Local Cybersecurity: Current and Future Trends
2. Texas Cyber Command
3. State and Local Cybersecurity Grant Program
4. Cybersecurity Information Sharing Act (CISA) 2015
5. Promoting Cybersecurity for Critical Infrastructure: A Role for State Government
6. The Cyber Civil Defense Summit 2025 emphasized the importance of innovation in addressing cybersecurity challenges, particularly in essential public services.
7. Improving cybersecurity policy is crucial for safeguarding essential public services that lack the means to hire cybersecurity talent or purchase necessary tools.
8. In response to this need, many states have initiated research to develop technology-driven solutions that are affordable and effective for public sector entities.
9. The future of cybersecurity is heavily reliant on strong cybersecurity policies, technology, and leadership to protect critical infrastructure from cyber threats.
10. The establishment of the Texas Cyber Command was one such initiative aimed at enhancing security, intelligence, and response capabilities in Texas' public sector.
11. Universities play a vital role in educating the next generation of cybersecurity professionals, thus contributing to the broader goal of securing the internet and society.
12. Effective cybersecurity policies must prioritize privacy protection and data security to minimize the risk of breaches and safeguard sensitive information.
13. Cybersecurity governance is essential for ensuring coordinated leadership across agencies and fostering a culture of security awareness within the public sector.
14. The recent trend in state legislation includes the creation of centralized cybersecurity authorities to improve coordination and response efforts in critical sectors like healthcare, utilities, and education.
15. Enhanced cybersecurity initiatives in essential public services are vital for the overall safety and well-being of our society, underscoring the need for continued collaboration and investment in cybersecurity education, self-development, and best practices.

Read also: