Insights Gained from the 2025 Cybersecurity Defense Conference

Insights Gained from the 2025 Cybersecurity Defense Conference

In an era where cybersecurity threats loom large, a recent summit aimed to strengthen the digital defenses of essential public service providers. The Cyber Civil Defense Summit, hosted by the Cybersecurity and Technology Policy Institute (CLTC), brought together nearly 200 members of the public interest cybersecurity community. The theme of the summit was "Collaborative Advantage: Uniting Forces to Achieve More."

One of the key topics discussed was the need for tailored cybersecurity regulations and solutions that address the unique constraints of public interest organizations. These entities often lack the budget to hire cybersecurity talent or purchase necessary tools, making them vulnerable to sophisticated cyberattacks such as ransomware and exploits of software vulnerabilities affecting critical infrastructure sectors like law enforcement, emergency services, education, water/wastewater, healthcare, energy, and defense.

The summit highlighted initiatives that provide free or discounted cybersecurity services to under-resourced public agencies. These initiatives include cyber volunteering programs, university-based cybersecurity clinics, and free government-provided services. Udbhav Tiwari of Signal emphasized the importance of privacy and end-to-end encryption, arguing that these should be the default rather than optional features.

Signal's commitment to data minimization principles and efforts to counter surveillance-based business practices were also discussed. The company's principles align with the need for public service providers to prioritize the protection of sensitive information and maintain the trust of the communities they serve.

The federal government is also stepping up its efforts to bolster cybersecurity defenses. As of 2025, cybersecurity funding for state, local, tribal, and territorial (SLTT) governments in the United States is supported through the Department of Homeland Security’s (DHS) State and Local Cybersecurity Grant Program (SLCGP) and Tribal Cybersecurity Grant Program (TCGP). Over $1 billion in funding across four years (FY 2022–FY 2025) has been allocated to help SLTT governments address and reduce cybersecurity risks and threats.

For FY 2025, DHS announced approximately $91.7 million in SLCGP funding and an additional $12.1 million via the TCGP to eligible SLTT governments. The programs promote strategic cybersecurity plans and encourage multi-entity and shared-service projects to enhance capabilities efficiently and tackle threats holistically across jurisdictions. Recipients are required to share costs, with the FY 2025 minimum cost-share requirement increased to 40% for standard grants and 30% for multi-entity group projects.

Despite these efforts, challenges remain. Organizations most in need of these resources often do not know they exist, necessitating outreach to raise awareness. Tony Sauerhoff, CISO for the State of Texas, highlighted the difficulty in getting entities to participate in free cybersecurity incident response services, emphasizing the need for education, relationship building, and a mindset shift among local leaders.

However, the sizeable and structured federal funding is significantly enhancing cybersecurity capacity in SLTT governments, enabling them to better secure critical infrastructure and essential community services against ongoing and evolving cyber threats, with a consistent focus on resilience and risk reduction.

While the Trump Administration has reduced the staff of the Cybersecurity and Infrastructure Security Agency (CISA) by a third and shrunk its budget by 17%, private companies can play a greater role in cyber civil defense by embracing secure-by-design principles. By shifting the burden away from organizations that lack the capacity to secure their systems on their own, we can collectively strengthen our digital defenses and protect the communities we serve.

1. The Cybersecurity and Technology Policy Institute (CLTC) at the University of California, Berkeley, emphasized the importance of cybersecurity governance in public service providers, especially due to increasing privacy concerns in the internet-reliant society.
2. Cybersecurity education is essential, as under-resourced public agencies often struggle with cybersecurity threats, such as ransomware and software vulnerabilities.
3. The term "Collaborative Advantage: Uniting Forces to Achieve More" encapsulates the summit's goal of fostering leadership and innovation in cybersecurity policy, particularly for essential sectors like education, law enforcement, and health care.
4. Initiatives like cyber volunteering programs, university-based cybersecurity clinics, and free government-provided services serve to bridge the cybersecurity gap for public interest organizations, ensuring their cybersecurity technology is up-to-date.
5. End-to-end encryption is a crucial component of any privacy-focused cybersecurity strategy, as argued by Udbhav Tiwari of Signal, favouring its integration as the default feature over optional usage.
6. Signal's commitment to data minimization and countering surveillance-based business practices mirrors the need for public service providers to protect sensitive information and uphold the trust of the communities they serve.
7. Federal funding assistance, such as the Department of Homeland Security’s (DHS) State and Local Cybersecurity Grant Program (SLCGP) and Tribal Cybersecurity Grant Program (TCGP), can significantly boost the cybersecurity capacity and resilience of State, Local, Tribal, and Territorial (SLTT) governments against cyber threats.
8. Despite considerable efforts to promote cybersecurity, awareness, and outreach are still necessary for organizations in need to fully benefit from available resources and initiatives.
9. Private companies can contribute to cyber civil defense by adopting secure-by-design principles, shifting the burden away from organizations with limited capacity and collectively strengthening digital defenses for the future of society.

Read also: