Insights Gained from the 2025 Cyber Security Defense Conference

Insights Gained from the 2025 Cyber Security Defense Conference

The Cyber Civil Defense Summit, held in Washington, D.C. on June 11, 2025, brought together nearly 200 members of the public interest cybersecurity community, aiming to address the cybersecurity needs of essential public service providers that lack the budget to hire cybersecurity talent or purchase necessary tools. The theme of the Summit was "Collaborative Advantage: Uniting Forces to Achieve More."

The Summit highlighted the challenges faced by underserved communities in providing cybersecurity for essential public services. These resource gaps, including insufficient funding for security tools, lack of cybersecurity expertise, and limited technology capabilities, lead to what is termed the "Cyber Poverty Line." This vulnerability is particularly pronounced in small, rural, critical access healthcare providers who must balance patient care staffing against investing in cybersecurity.

Rep. Plaskett argued for updated standards and funding models that better account for the realities of rural healthcare systems, small island utilities, and isolated communities. A 'one-size-fits-all' approach to cybersecurity standards and resourcing often leaves smaller, underserved communities behind.

Private companies can play a greater role in cyber civil defense, including by embracing secure-by-design principles. Signal, a private company, emphasizes user privacy and end-to-end encryption as default features. Udbhav Tiwari from Signal spoke about the company's commitment to data minimization and countering surveillance-based business practices.

Congress is unlikely to reauthorize the State and Local Cybersecurity Grant Program, a federal initiative providing cybersecurity funding to state, local, tribal, and territorial (SLTT) governments. However, federal grant programs contribute by allocating significant funding, with at least 25% directed to rural and tribal communities. These grants help build sustainable cybersecurity capabilities through multi-year efforts rather than one-time purchases, supporting the development of cybersecurity plans and internal capacity at the local level.

The Trump Administration's decision to reduce the staff of the Cybersecurity and Infrastructure Security Agency (CISA) by a third and shrink its budget by 17% has raised concerns about the future of cybersecurity preparedness. The administration has also ended cooperative agreements with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

Despite these challenges, the Summit focused on exploring how cyber civil defenders can work together to continue advancing their vital work, with or without aid from the federal government. Texas's regional security operations centers provide free cybersecurity incident response services to local governmental entities, and the Environmental Protection Agency offers free cybersecurity assistance to water and wastewater utilities.

The Cyber Civil Defense Summit 2026 is anticipated, with sponsorship opportunities available. A comprehensive approach that integrates governance, planning, continuous assessment, mitigation aligned with frameworks like the Cybersecurity Performance Goals (CPGs), and workforce development is essential to bridge the cybersecurity gap in underserved communities. The principle that "cyber safety is patient safety" emphasizes the need for integrated public-private collaboration, reinforced by policy and funded programs.

References: [1] Cybersecurity for Critical Access Hospitals: A Case Study [2] Cybersecurity for Small and Medium-Sized Enterprises: A Guide [3] Federal Grant Programs for State and Local Cybersecurity [4] Cybersecurity Performance Goals

1. The Cyber Civil Defense Summit, held in 2026, will focus on advancing cybersecurity for essential public service providers, with a emphasis on underserved communities.
2. The lack of cybersecurity funding, expertise, and technology in small, rural, critical access healthcare providers can be considered the "Cyber Poverty Line."
3. Rep. Plaskett advocates for updated standards and funding models that cater to the unique needs of rural healthcare systems, small island utilities, and isolated communities.
4. Private companies like Signal can contribute to cyber civil defense by adopting secure-by-design principles, prioritizing user privacy, and minimizing data usage.
5. Federal grant programs, such as the State and Local Cybersecurity Grant Program, allocate significant funding to rural and tribal communities for sustainable cybersecurity capabilities.
6. The reduction in staff and budget of the Cybersecurity and Infrastructure Security Agency (CISA) and the termination of cooperative agreements with MS-ISAC and EI-ISAC have raised concerns about the future of cybersecurity preparedness.
7. Collaborative efforts like Texas's regional security operations centers and the Environmental Protection Agency's free cybersecurity assistance to water and wastewater utilities demonstrate the importance of public-private partnerships in cybersecurity.
8. A comprehensive approach to bridging the cybersecurity gap in underserved communities involves governance, planning, continuous assessment, mitigation, and workforce development, guided by frameworks like the Cybersecurity Performance Goals (CPGs).
9. The principle that "cyber safety is patient safety" underscores the necessity for integrated public-private collaboration, reinforced by policy and funded programs, to protect society in the future of a growing internet and expanding digital environment.

Reference(s):[1] Cybersecurity for Critical Access Hospitals: A Case Study[2] Cybersecurity for Small and Medium-Sized Enterprises: A Guide[3] Federal Grant Programs for State and Local Cybersecurity[4] Cybersecurity Performance Goals

Read also: