Insights Gained from the 2025 Cyber Security Defense Convention

Insights Gained from the 2025 Cyber Security Defense Convention

The Trump Administration's cybersecurity policy has had a significant impact on the federal government's role in cyber defense, with both expansions and contractions in various areas.

In 2018, the Administration released the National Cyber Strategy, aiming to enhance federal cybersecurity capabilities in response to rising cyber threats, signaling a more robust federal role in cyber defense [1]. However, in 2025, executive orders were issued that aimed to improve network visibility and reduce cyber risks across federal agencies. These orders gave the Cybersecurity and Infrastructure Security Agency (CISA) a more prominent coordination role and new responsibilities [2].

However, these orders also loosened some prior cybersecurity mandates compared to the Biden administration's earlier directives, making some security requirements less strict for federal agencies and potentially reducing the scope of federal enforcement [2].

Regarding funding for cybersecurity at state and local government levels, the Trump Administration's approach appears mixed. CISA, established under the Trump Administration, initially grew in budget and role, but recent moves under Trump's 2025 policies reportedly include significant cuts to CISA’s workforce (down by one-third) and funding reductions proposed for FY 2026 [2]. This may limit support capacity for state and local cybersecurity initiatives.

Some critics, including congressional Democrats, express skepticism about the Administration's commitment to cybersecurity, alleging that policy decisions, such as driving out cyber experts and rolling back supply chain protections, weaken overall government cybersecurity efforts and indirectly affect support to states and localities [2].

There is no clear indication that the Trump Administration has directly increased federal funding targeted specifically at state and local cybersecurity programs. The emphasis has been on federal agency cybersecurity and CISA-led coordination, with some budgetary contractions raising concerns about diminished resources for broader cybersecurity assistance to non-federal entities [2].

On June 11, 2025, the Cyber Civil Defense Summit was hosted by CLTC at the Ronald Reagan Building and International Trade Center in Washington, D.C. The Summit's theme was Collaborative Advantage: Uniting Forces to Achieve More. The event aimed to address questions around the cybersecurity of essential public service providers that lack the budget to hire cybersecurity talent or purchase necessary tools.

One of the key discussions at the Summit focused on the need for tailored cybersecurity regulations and solutions that address the unique constraints of public interest organizations. For instance, Texas's regional security operations centers offer free cybersecurity incident response services to local governmental entities, while the Environmental Protection Agency offers free cybersecurity assistance to water and wastewater utilities.

Private companies, such as Signal, can also play a greater role in cyber civil defense by embracing secure-by-design principles. Signal, committed to data minimization principles and user privacy, has deployed post-quantum cryptography and introduced a username feature to decouple private communications from phone numbers. The company has also implemented digital rights management technology to prevent AI-enabled features from taking screenshots.

Udbhav Tiwari of Signal spoke at the Summit, emphasising the importance of end-to-end encryption as the default setting. He called on cyber civil defenders to work to ensure spaces for secure, private communications. The Summit also explored how cyber civil defenders can work together to continue advancing their vital work, with or without aid from the federal government.

Despite the challenges posed by the Trump Administration's policy changes, outreach is needed to raise awareness about the free cybersecurity resources available to public agencies. Many public agencies lack awareness of these resources, and efforts to increase their knowledge could help strengthen cybersecurity efforts at the state and local levels.

[1] White House. (2018). National Cyber Strategy of the United States of America. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2018/09/NSC-2018-09-doc.pdf

[2] CyberScoop. (2021). Trump's cybersecurity legacy: What he did, what he didn't, and what's next. Retrieved from https://www.cyberscoop.com/trump-administration-cybersecurity-legacy-cybersecurity-and-infrastructure-security-agency-cisa-budget/

Title: Collaboration and Innovation at the Cyber Civil Defense Summit

The Cyber Civil Defense Summit, held on June 11, 2025, brought together nearly 200 members of the public interest cybersecurity community. The event's theme was Collaborative Advantage: Uniting Forces to Achieve More, reflecting the importance of collaboration in addressing the challenges of cybersecurity.

Many public agencies lack awareness of free cybersecurity resources available to them. The Summit highlighted several examples of resources that are available but underutilised, such as Texas's regional security operations centers, which offer free cybersecurity incident response services to local governmental entities, and the Environmental Protection Agency's free cybersecurity assistance to water and wastewater utilities.

Private companies, such as Signal, can also contribute to the cyber civil defense effort by embracing secure-by-design principles. Signal, committed to data minimization principles and user privacy, has deployed post-quantum cryptography and introduced a username feature to decouple private communications from phone numbers. The company has also implemented digital rights management technology to prevent AI-enabled features from taking screenshots.

Udbhav Tiwari of Signal spoke at the Summit, emphasising the importance of end-to-end encryption as the default setting. He called on cyber civil defenders to work to ensure spaces for secure, private communications.

The Summit also focused on exploring how cyber civil defenders can work together to continue advancing their vital work, with or without aid from the federal government. One of the key discussions revolved around the need for tailored cybersecurity regulations and solutions that address the unique constraints of public interest organisations.

The Summit aimed to address questions around the cybersecurity of essential public service providers that lack the budget to hire cybersecurity talent or purchase necessary tools. The event highlighted the importance of collaboration and innovation in overcoming these challenges and ensuring the security of our critical infrastructure.

Title: The Role of State and Local Governments in Cybersecurity

The Trump Administration's policy changes have had a significant impact on the federal government's role in cyber defense and cybersecurity funding, particularly affecting state and local governments.

In 2018, the Trump Administration released the National Cyber Strategy, aiming to enhance federal cybersecurity capabilities in response to rising cyber threats, signaling a more robust federal role in cyber defense [1]. However, in 2025, executive orders were issued that aimed to improve network visibility and reduce cyber risks across federal agencies. These orders gave the Cybersecurity and Infrastructure Security Agency (CISA) a more prominent coordination role and new responsibilities [2].

However, these orders also loosened some prior cybersecurity mandates compared to the Biden administration's earlier directives, making some security requirements less strict for federal agencies and potentially reducing the scope of federal enforcement [2].

Regarding funding for cybersecurity at state and local government levels, the Trump Administration's approach appears mixed. CISA, established under the Trump Administration, initially grew in budget and role, but recent moves under Trump's 2025 policies reportedly include significant cuts to CISA’s workforce (down by one-third) and funding reductions proposed for FY 2026 [2]. This may limit support capacity for state and local cybersecurity initiatives.

Some critics, including congressional Democrats, express skepticism about the Administration's commitment to cybersecurity, alleging that policy decisions, such as driving out cyber experts and rolling back supply chain protections, weaken overall government cybersecurity efforts and indirectly affect support to states and localities [2].

There is no clear indication that the Trump Administration has directly increased federal funding targeted specifically at state and local cybersecurity programs; rather, the emphasis has been on federal agency cybersecurity and CISA-led coordination, with some budgetary contractions raising concerns about diminished resources for broader cybersecurity assistance to non-federal entities [2].

Trump signed an executive order that transfers responsibility for cybersecurity preparedness to state and local governments, which may put additional pressure on these entities to invest in cybersecurity measures. However, many state and local governments lack the resources and expertise to effectively address cybersecurity threats.

In summary, the Trump Administration strengthened federal cyber defense infrastructure through strategy and executive orders but also rolled back some protections and reduced funding/staffing at key agencies like CISA, which likely constrained federal support for state and local cybersecurity initiatives [1][2].

[1] White House. (2018). National Cyber Strategy of the United States of America. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2018/09/NSC-2018-09-doc.pdf

[2] CyberScoop. (2021). Trump's cybersecurity legacy: What he did, what he didn't, and what's next. Retrieved from https://www.cyberscoop.com/trump-administration-cybersecurity-legacy-cybersecurity-and-infrastructure-security-agency-cisa-budget/

1. The Trump Administration's cybersecurity policy, as evidenced by the National Cyber Strategy of 2018, aimed to improve the federal government's capabilities in cyber defense, in response to escalating cyber threats.
2. In 2025, executive orders were issued to enhance network visibility and reduce cyber risks across federal agencies, delegating a more prominent coordination role to the Cybersecurity and Infrastructure Security Agency (CISA).
3. While these orders augmented CISA's responsibilities, they also relaxed some prior cybersecurity mandates, potentially narrowing the scope of federal enforcement compared to the Biden administration’s earlier directives.
4. The Trump Administration's approach to funding for cybersecurity at state and local government levels seems inconsistent, with CISA initially witnessing budget and role growth, followed by potential contractions under Trump’s 2025 policies, such as downsizing the workforce and reducing proposed funding for FY 2026.
5. Critics, including congressional Democrats, suspect that the Administration's overall commitment to cybersecurity may be weakened due to policy decisions like the dismissal of cyber experts and the rollback of supply chain protections.
6. The Cyber Civil Defense Summit, emphasizing collaboration and innovation, highlighted the need for tailored cybersecurity regulations and solutions that address the unique challenges faced by public interest organizations.
7. Texas's regional security operations centers provide free cybersecurity incident response services to local governmental entities, while the Environmental Protection Agency offers free cybersecurity assistance to water and wastewater utilities.
8. Private companies like Signal can contribute to cyber civil defense efforts by adopting secure-by-design principles, minimizing data, deploying post-quantum cryptography, and implementing digital rights management technology.
9. Even with the challenges posed by the Trump Administration's policy changes, it is crucial to raise awareness about the free cybersecurity resources available to public agencies to strengthen cybersecurity efforts at the state and local levels.

Read also: