State Cyber Leaders Beg Congress for More Funding, Support

State Cyber Leaders Beg Congress for More Funding, Support

Newsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsApplication SecurityFeeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub ReposFeeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub ReposbyRob WrightMay 26, 20264 Min ReadApplication SecurityThe Hackers Behind Shai-Hulud: Lucky or Skilled?The Hackers Behind Shai-Hulud: Lucky or Skilled?byAlexander CulafiMay 26, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite PapersHeard It From a CISOReporters' NotebookPartner PerspectivesMeet the EditorsAdvertise With Us About UsDark Reading Resource LibraryThreat IntelligenceEndpoint SecurityCybersecurity OperationsCyber RiskCybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.State Cyber Leaders Beg Congress for More Funding, SupportA recent congressional hearing highlighted how states are reeling from federal cutbacks to important cyber grants and information sharing initiatives amid damaging attacks to critical infrastructure.Arielle Waldman,Features Writer,Dark ReadingMay 26, 20264 Min ReadSource: Gang Liu via Alamy Stock PhotoAs states grapple with sophisticated attackers, they are on their own to deliver answers. At the same time, they face harrowing budget and resource cuts.Attackers have access to tools and services to help them craft sophisticated attacks and ransomware gangs are becoming more relentless with their extortion demands – following through on data leak promises. Despite the threat pile on, states are receiving less federal help than ever.The problem came to a head earlier this month during the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection hearing titled, “State and Local Cybersecurity: Escalating Threats, Federal Partnership, and the Resilience of America’s Communities.” Security leaders for the states of Tennessee, Florida, and New York urged lawmakers at the hearing to restore funding to the Cybersecurity and Infrastructure Security Agency (CISA) and the Information Sharing Analysis Center (ISAC) ecosystem, particularly the Multi-State Information Sharing and Analysis Center (MS-ISAC). Related:Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026The MS-ISAC is now a subscription model rather than free, which complicates the relationship between different levels of governments. Over the past year, the administration downsized CISA's staff, resources, and funding as well. When Colin Ahern, New York's director of security and intelligence, took the stand he called the hearing "urgent" and begged the federal government "to be a partner to all 50 states."  State leaders and CISOs also called on Congress to reauthorize and enhance the State and Local Cybersecurity Grant Program (SLCGP), which witness Kristin Darby, chief information officer for the state of Tennessee, described as "one of the most effective tools available to strengthen our collective defense." States require more tools because as Darby highlighted, rapid AI growth accelerated attack scale and speed, threat actors increasingly rely on supply chain compromise, and exploitation of identity systems, cloud environment, and zero-days peaked.On the other hand, states face severe budget, staff, and resource cuts. "The federal government’s actions over the past year have led to the breakdown in trust with state and local officials, particularly with respect to election cybersecurity," Darby said during the testimony. Federal Cutbacks Affect EveryoneWhen states need more help, it causes a trickle-down effect. Municipalities and small business are always running up against a lack of resources because of tightening municipal budgets, tightening state, and federal budgets, explains MassCyberCenter director John Petrozzelli. Faced with those shortages, it then becomes a matter of how do they prioritize resources? Related:Cybersecurity Predictions for 2026: Navigating the Future of Digital ThreatsWhen you layer on cyber threats, it becomes even more dangerous, Petrozzelli tells Dark Reading. He's observed increasing risks across the identity surface, from credential stealing and threat actors' breaking into user accounts. It's continuing to grow but that has been aided by AI, he warns. "And then you have the AI tools that are on the market and tools that have been corrupted by state actors like China or Russia to use against critical infrastructure," he says. Many federally funded services are still available to municipalities like CISA's vulnerability and web application scanning, says Petrozzelli, adding that municipalities can sign up for free. But he echoed one significant change that the Committee hearing looked to address as well."The change is there's a cost to be a member of MS-ISAC and MS-ISAC isn't a federal entity, but they were funded by CISA," Petrozzelli says.How To Prioritize Cyber With Limited FundingAs federal funding wanes, states are forced to take action on their own. Collaboration is a big component of what MassCyberCenter aims to do. Training programs are one prime example. MassCyberCenter tries to point municipalities and small businesses in the right direction, "especially if there's a person who does something better than we do." MassCyberCenter is a state-level initiative that focuses on workforce development for public and private entities, as well as boosting public cybersecurity awareness.Related:Why a 17-Year-Old Built an AI Model to Expose Deepfake MapsOne source Petrozzelli  points to is the Massachusetts Executive Office of Technology Services and Security (EOTSS) which provides KnowBe4 training. That means free cybersecurity awareness training and phishing tests for municipalities or school systems. MassCyberCenter and the Office of Consumer Affairs and Business Regulation also published a joint data breach report to provide residents with feedback on data breach trends. It showed how crucial it is for organizations to patch vulnerabilities on internet-facing devices. The center offers grants, mentorship programs, and a state-funded security operations center (SOC) that includes managed endpoint detection and response around the clock, vulnerability assessment, Active Directory, and software and asset inventory."If someone signs up for our SOC, they get MS-ISAC membership and they get another program, malicious domain blocking and reporting plus," he says. "Someone with limited funding doesn't have to prioritize, 'Am I going to put money in this membership or this soc'?" About the AuthorArielle WaldmanFeatures Writer, Dark ReadingArielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, providing context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. Her coverage areas include identity and access management, cyber risk and operations, industrial control systems, operational technology, and ransomware trends.    She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at TechTarget SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.   See more from Arielle WaldmanWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Organizations Are Managing Incident ResponseHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyEssential News & Insights from Black Hat USA 2025How Enterprises Are Harnessing Emerging Technologies in CybersecurityAccess More ResearchWebinarsBuild vs. Buy: The Hidden Cost of Building Your Own AI Security StackDefending in the Shadow Era: When the CVE Feed Goes DarkBuilding SecOps That Make the Most of Every DollarAI-Powered Credential Security: Intelligence Without ExposureAI-Powered Cybersecurity for Resource-Constrained OrganizationsMore WebinarsEdge PicksApplication SecurityAI Agents in Browsers Light on Cybersecurity, Bypass ControlsAI Agents in Browsers Light on Cybersecurity, Bypass ControlsCyber RiskBrowser Extensions Pose Heightened, but Manageable, Security RisksBrowser Extensions Pose Heightened, but Manageable, Security RisksLatest Articles in The EdgeCyber RiskVerizon DBIR: Healthcare Fends Off Increased Social Engineering AttacksMay 22, 2026|5 Min ReadCyberattacks & Data BreachesProcesses & Culture Top Reasons Behind Data BreachesMay 20, 2026|6 Min ReadCyber RiskHow CISOs Should Prep for Agentic-Ready AI BOMsMay 20, 2026|11 Min ReadCybersecurity AnalyticsWhat Will Make AI BOMs Real?May 19, 2026|3 Min ReadRead More The EdgeWant more Dark Reading stories in your Google search results?Black Hat Asia | Marina Bay Sands, SingaporeExperience cutting-edge cybersecurity insights in this four-day event. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass.GET YOUR PASS