Insights Gained from the 2025 Cyber Security Defense Convention

The Trump Administration's cybersecurity policy has had a significant impact on the federal government's role in cyber defense, with both expansions and contractions in various areas.

In 2018, the Administration released the National Cyber Strategy, aiming to enhance federal cybersecurity capabilities in response to rising cyber threats, signaling a more robust federal role in cyber defense [1]. However, in 2025, executive orders were issued that aimed to improve network visibility and reduce cyber risks across federal agencies. These orders gave the Cybersecurity and Infrastructure Security Agency (CISA) a more prominent coordination role and new responsibilities [2].

However, these orders also loosened some prior cybersecurity mandates compared to the Biden administration's earlier directives, making some security requirements less strict for federal agencies and potentially reducing the scope of federal enforcement [2].

Regarding funding for cybersecurity at state and local government levels, the Trump Administration's approach appears mixed. CISA, established under the Trump Administration, initially grew in budget and role, but recent moves under Trump's 2025 policies reportedly include significant cuts to CISA’s workforce (down by one-third) and funding reductions proposed for FY 2026 [2]. This may limit support capacity for state and local cybersecurity initiatives.

Some critics, including congressional Democrats, express skepticism about the Administration's commitment to cybersecurity, alleging that policy decisions, such as driving out cyber experts and rolling back supply chain protections, weaken overall government cybersecurity efforts and indirectly affect support to states and localities [2].

There is no clear indication that the Trump Administration has directly increased federal funding targeted specifically at state and local cybersecurity programs. The emphasis has been on federal agency cybersecurity and CISA-led coordination, with some budgetary contractions raising concerns about diminished resources for broader cybersecurity assistance to non-federal entities [2].

On June 11, 2025, the Cyber Civil Defense Summit was hosted by CLTC at the Ronald Reagan Building and International Trade Center in Washington, D.C. The Summit's theme was Collaborative Advantage: Uniting Forces to Achieve More. The event aimed to address questions around the cybersecurity of essential public service providers that lack the budget to hire cybersecurity talent or purchase necessary tools.

One of the key discussions at the Summit focused on the need for tailored cybersecurity regulations and solutions that address the unique constraints of public interest organizations. For instance, Texas's regional security operations centers offer free cybersecurity incident response services to local governmental entities, while the Environmental Protection Agency offers free cybersecurity assistance to water and wastewater utilities.

Private companies, such as Signal, can also play a greater role in cyber civil defense by embracing secure-by-design principles. Signal, committed to data minimization principles and user privacy, has deployed post-quantum cryptography and introduced a username feature to decouple private communications from phone numbers. The company has also implemented digital rights management technology to prevent AI-enabled features from taking screenshots.

Udbhav Tiwari of Signal spoke at the Summit, emphasising the importance of end-to-end encryption as the default setting. He called on cyber civil defenders to work to ensure spaces for secure, private communications. The Summit also explored how cyber civil defenders can work together to continue advancing their vital work, with or without aid from the federal government.

Despite the challenges posed by the Trump Administration's policy changes, outreach is needed to raise awareness about the free cybersecurity resources available to public agencies. Many public agencies lack awareness of these resources, and efforts to increase their knowledge could help strengthen cybersecurity efforts at the state and local levels.

[1] White House. (2018). National Cyber Strategy of the United States of America. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2018/09/NSC-2018-09-doc.pdf

[2] CyberScoop. (2021). Trump's cybersecurity legacy: What he did, what he didn't, and what's next. Retrieved from https://www.cyberscoop.com/trump-administration-cybersecurity-legacy-cybersecurity-and-infrastructure-security-agency-cisa-budget/

Title: Collaboration and Innovation at the Cyber Civil Defense Summit

The Cyber Civil Defense Summit, held on June 11, 2025, brought together nearly 200 members of the public interest cybersecurity community. The event's theme was Collaborative Advantage: Uniting Forces to Achieve More, reflecting the importance of collaboration in addressing the challenges of cybersecurity.

Many public agencies lack awareness of free cybersecurity resources available to them. The Summit highlighted several examples of resources that are available but underutilised, such as Texas's regional security operations centers, which offer free cybersecurity incident response services to local governmental entities, and the Environmental Protection Agency's free cybersecurity assistance to water and wastewater utilities.

Private companies, such as Signal, can also contribute to the cyber civil defense effort by embracing secure-by-design principles. Signal, committed to data minimization principles and user privacy, has deployed post-quantum cryptography and introduced a username feature to decouple private communications from phone numbers. The company has also implemented digital rights management technology to prevent AI-enabled features from taking screenshots.

The Summit also focused on exploring how cyber civil defenders can work together to continue advancing their vital work, with or without aid from the federal government. One of the key discussions revolved around the need for tailored cybersecurity regulations and solutions that address the unique constraints of public interest organisations.

The Summit aimed to address questions around the cybersecurity of essential public service providers that lack the budget to hire cybersecurity talent or purchase necessary tools. The event highlighted the importance of collaboration and innovation in overcoming these challenges and ensuring the security of our critical infrastructure.

Title: The Role of State and Local Governments in Cybersecurity

The Trump Administration's policy changes have had a significant impact on the federal government's role in cyber defense and cybersecurity funding, particularly affecting state and local governments.

In 2018, the Trump Administration released the National Cyber Strategy, aiming to enhance federal cybersecurity capabilities in response to rising cyber threats, signaling a more robust federal role in cyber defense [1]. However, in 2025, executive orders were issued that aimed to improve network visibility and reduce cyber risks across federal agencies. These orders gave the Cybersecurity and Infrastructure Security Agency (CISA) a more prominent coordination role and new responsibilities [2].

There is no clear indication that the Trump Administration has directly increased federal funding targeted specifically at state and local cybersecurity programs; rather, the emphasis has been on federal agency cybersecurity and CISA-led coordination, with some budgetary contractions raising concerns about diminished resources for broader cybersecurity assistance to non-federal entities [2].

Trump signed an executive order that transfers responsibility for cybersecurity preparedness to state and local governments, which may put additional pressure on these entities to invest in cybersecurity measures. However, many state and local governments lack the resources and expertise to effectively address cybersecurity threats.

In summary, the Trump Administration strengthened federal cyber defense infrastructure through strategy and executive orders but also rolled back some protections and reduced funding/staffing at key agencies like CISA, which likely constrained federal support for state and local cybersecurity initiatives [1][2].

[1] White House. (2018). National Cyber Strategy of the United States of America. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2018/09/NSC-2018-09-doc.pdf